Security Update for WooCommerce versions 8.8+

The WooCommerce team has identified a critical vulnerability in the WooCommerce Order Attribution feature affecting WooCommerce versions 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.9.0, 8.9.1, and 8.9.2.

Upon learning of this vulnerability, WordPress VIP worked alongside the WooCommerce team to individually notify affected VIP customers. All affected production applications have been patched.

If you would like WordPress VIP to upgrade your WooCommerce version, please reach out to VIP Support and we will be happy to assist.

How to update WooCommerce

The security vulnerability affects all unpatched versions of WooCommerce noted above. If you are running an affected version of WooCommerce, please upgrade to WooCommerce 8.8.5, 8.9.3, or a later version that includes the security update. 

To upgrade your installed version:

  1. Determine the version of WooCommerce currently in use on your site. You can find this information within your WordPress admin area, by checking the readme.txt file for your installed WooCommerce plugin, or in the VIP Dashboard Plugins Panel.
  2. Visit the release post on the WooCommerce website and download the patched version that matches your installed release. For example, if you have 8.8.4 installed, you will need to download 8.8.5.
  3. Commit the most recent version of the plugin to your site’s repository and deploy those changes.
  4. Double-check the installed version of the plugin to ensure it has been properly updated.
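
Steps 1 and 4 can be scripted against the plugin copy committed to your repository. The following is an added example, not code from WooCommerce or WordPress VIP. It assumes the plugin's `readme.txt` "Stable tag" line and the `woocommerce.php` "Version" header carry the installed version; the function names and the `plugins/woocommerce` path are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not WooCommerce or VIP code): check a committed plugin copy
# against the versions named in this advisory.

# Print the first "<header>: x.y.z" value found in a file (CRLF tolerated).
header_version() {  # $1 = header name, $2 = file
    [ -r "$2" ] || return 0
    tr -d '\r' < "$2" |
        sed -n "s/^[[:space:]*]*$1:[[:space:]]*\([0-9][0-9.]*\).*/\1/p" |
        head -n 1
}

# Verdict for one version string, using only the versions listed in the advisory.
advisory_status() {
    case "$1" in
        8.8.[0-4])   echo "affected: upgrade to 8.8.5" ;;
        8.9.[0-2])   echo "affected: upgrade to 8.9.3" ;;
        8.8.5|8.9.3) echo "patched" ;;
        "")          echo "unknown: no version found" ;;
        *)           echo "not listed: check the release post" ;;
    esac
}

# Exit status: 0 patched, 1 affected, 2 headers disagree, 3 unknown or not listed.
check_woocommerce() {  # $1 = plugin directory (assumed: plugins/woocommerce)
    local readme_v main_v v status
    readme_v=$(header_version "Stable tag" "$1/readme.txt")
    main_v=$(header_version "Version" "$1/woocommerce.php")
    if [ -n "$readme_v" ] && [ -n "$main_v" ] && [ "$readme_v" != "$main_v" ]; then
        echo "mismatch: readme.txt=$readme_v woocommerce.php=$main_v"
        return 2
    fi
    v=${main_v:-$readme_v}
    status=$(advisory_status "$v")
    echo "${v:-?} $status"
    case "$status" in
        patched)   return 0 ;;
        affected*) return 1 ;;
        *)         return 3 ;;
    esac
}

# Run as: ./check-woocommerce.sh plugins/woocommerce
if [ -n "${1:-}" ]; then
    check_woocommerce "$1"
fi
```

A non-zero exit status lets the same check block a deploy until the committed copy is a patched version.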

More detailed information regarding the plugin installation process on WordPress VIP can be found on the following documentation pages:

As always, please do not hesitate to reach out to us with any questions or concerns.