WooCommerce Security Vulnerability

As of 10th June 2024, WooCommerce is urging all users to update their current WooCommerce version to the latest possible version. If you are registered with WooCommerce you should already have had an email telling you to action this ASAP, but if you haven’t seen it or done it, get it scheduled NOW.

Here is a rundown of the vulnerability from the email itself (So I don’t get anything wrong 😀 )…

A security researcher originally reported the vulnerability to us as part of Automattic’s HackerOne Bug Bounty Program. This vulnerability could allow for cross-site scripting — a type of attack where a bad actor manipulates a link to include malicious content (via code such as JavaScript) on a page. This could affect anyone who clicks on the link, including a customer, the merchant, or a store admin.
WooCommerce Security update email

Obviously you should action this immediately, as you should with any plugin/WordPress update, but it is also worth checking that the security headers for your site are properly configured, so that any such attacks/vulnerabilities have less of an impact on your hosted environment.

You can check your security headers here with this tool from Probely (which has some lovely statistics on the dashboard for global site security) and then apply the required actions by contacting your hosting provider or network team. Personally, I have administered these headers through the control panel in Cloudflare, which is another helpful tool/security layer that you can apply for free.
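If you would rather check a response yourself, the sketch below is an added example (not from the WooCommerce email or any tool mentioned here) that audits a captured header block for the commonly graded security headers and flags a Content-Security-Policy that would still let injected inline script run. The header list, function names and sample response are assumptions made for illustration.

```python
# Added example: audit a captured HTTP response header block for the headers
# that limit what a cross-site scripting payload can do. Sample is constructed.
REQUIRED = {
    "content-security-policy": "restricts which scripts the browser will run",
    "strict-transport-security": "tells the browser to use HTTPS only",
    "x-content-type-options": "stops MIME sniffing of served content",
    "x-frame-options": "controls framing of store and admin pages",
    "referrer-policy": "limits URL leakage to third parties",
    "permissions-policy": "disables browser features the store does not use",
}

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw header block (status line skipped)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def csp_weaknesses(csp):
    """Flag script source lists that allow inline, eval or any-origin script."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    # script-src falls back to default-src when it is not set
    script_src = directives.get("script-src", directives.get("default-src"))
    if script_src is None:
        return ["no script-src or default-src: scripts are unrestricted"]
    return [f"script source list allows {bad}"
            for bad in ("'unsafe-inline'", "'unsafe-eval'", "*") if bad in script_src]

def audit(raw):
    """Return a list of findings: missing headers first, then CSP weaknesses."""
    headers = parse_headers(raw)
    findings = [f"missing {h}: {why}" for h, why in REQUIRED.items() if h not in headers]
    if "content-security-policy" in headers:
        findings += [f"weak CSP: {i}" for i in csp_weaknesses(headers["content-security-policy"])]
    return findings

# Constructed sample response from a hypothetical store.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit your own site, paste the header block your browser's developer tools show for the page in place of `SAMPLE`.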

If you are still stuck and are unsure of how to resolve these issues then please do not hesitate to get in touch below.