On July 13, 2021, a critical vulnerability affecting WooCommerce and the WooCommerce Blocks feature plugin was identified and disclosed via the HackerOne security program.
This morning, version 5.5.1 was released as a patch to protect WooCommerce stores.
I have a WooCommerce store – what action should I take?
If you’re on one of our Blink Web Maintenance Plans, we have already applied and tested the latest patch on your store. If not, we recommend logging in to your WordPress website and ensuring your WooCommerce version is 5.5.1 or later.
Has any data been compromised?
WooCommerce are conducting an investigation into this vulnerability and whether data has been compromised. They will share more information with site owners on how to investigate this security vulnerability on their site, and will publish it on their blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.