The WooCommerce and WordPress VIP teams have identified a critical vulnerability in WooCommerce (versions 3.3 to 5.5) and the WooCommerce Blocks feature plugin (versions 2.5 to 5.5).
Upon learning of this vulnerability, we immediately implemented a platform-wide mitigation, proactively protecting all WordPress VIP customers. We strongly advise all customers using WooCommerce and WooCommerce Blocks plugins to upgrade as soon as possible.
WordPress VIP Support can perform this security upgrade on your behalf if desired. To initiate this request, please file a support ticket or contact your Relationship Manager.
How to update
The discovered security vulnerability affects all unpatched versions of WooCommerce from 3.3 to 5.5. If you are using any of these versions of WooCommerce, you will need to install an updated version that includes the security updates.
If possible, we recommend upgrading your WooCommerce installation to 5.5.1, which is the latest available version.
If your site uses the WooCommerce Blocks feature plugin apart from WooCommerce, you will need to update that plugin to the latest version, which is 5.5.1.
To upgrade your installed version:
- Determine the version of WooCommerce currently in use on your site. You can find this information either within your WordPress admin area, or by checking the readme.txt file for your installed WooCommerce plugin.
- Visit the WooCommerce website list of available versions and download the most recent release for that major version. (For example: if you have 5.5.0 installed, you will need to download 5.5.1.) The updates released in response to this security vulnerability are dated July 14, 2021 on the releases page.
- Commit the more recent version of the plugin to your site’s repository, and deploy those changes.
- Double-check the installed version of the plugin to ensure it has been properly updated.
More detailed information regarding the plugin installation process on WordPress VIP can be found in the following documentation pages:
WordPress VIP Lobby 