The WordFence blog has discovered a small vulnerability in WooCommerce 2.3.5, the latest version until today’s new release.
This WooCommerce vulnerability potentially allows an attacker to carry out an SQL injection attack and run their own code on your site. However, because the vulnerable code is in the admin area, exploitation is limited to those who have or can obtain Admin or Shop Manager access levels to your WordPress admin panel.
Our recommendation is to upgrade right away to version 2.3.6, which was released within hours of the vulnerability being found.
More information from the WordFence site:
http://www.wordfence.com/blog/2015/03/woocommerce-sql-injection-vulnerability/
You can download the new 2.3.6 version of WooCommerce released on March 13th 2015 at http://www.woothemes.com/woocommerce/.