WooCommerce Vulnerability Fixed – Update to 2.3.6 Now

The WordFence blog has discovered a small vulnerability in WooCommerce 2.3.5, the latest version until today’s new release.

This WooCommerce vulnerability potentially allows an attacker to exploit an SQL Injection attack and run their own code on your site, however as the exploit is in the admin area, it is limited to those that have or can obtain Admin or Shop Manager access levels to your WordPress admin panel.

Our recommendation is to upgrade right away to version 2.3.6 which was released within hours of the vulnerability being found.

 

More information from the WordFence site:
http://www.wordfence.com/blog/2015/03/woocommerce-sql-injection-vulnerability/

You can download the new 2.3.6 version of WooCommerce released on March 13th 2015 at http://www.woothemes.com/woocommerce/.

 

Need more? Read about the 3 best WordPress security plugins and more ways to improve your website security.

Mr WordPress

We use WordPress every day, and so do many of our customers. We post tips, tricks and WordPress guides on the HostAsean blog to help you put together your own powerful WordPress based website. Subscribe for the latest updates or check back regularly.

Recent Posts

HTTP vs HTTPS: Risks of not using an SSL certificate on your website

HTTP vs HTTPS and SSL certificates can be a confusing topic. You probably know that…

5 years ago

Free Upgrades to Existing Web Hosting Packages

We have some news for you, we've not just upgraded one of our most popular…

5 years ago

Don’t reinvent the wheel. Why use WordPress instead of coding your own CMS

You shouldn't need much convincing, WordPress is a great tool for a lot of website…

5 years ago

No need to buy SSL certificates – they’re free!

You need an SSL certificate on your website, that’s not up for discussion. But we…

5 years ago

Save the environment – keep your website lightweight and energy efficient

Save the environment one line of code at a time. Improving your website performance benefits…

6 years ago

Troubleshooting common email issues

It’s inevitable, something’s gone wrong – usually just when you need to send that important…

6 years ago