WooCommerce Releases Patches for Critical Security Flaw Impacting Over 500,000 Websites

As eCommerce continues to grow, so do the risks associated with it. A recent study by Juniper Research found that online fraud is set to cost businesses $71 billion by the year 2024, up from $48 billion in 2019. This increase is due in part to the growth of eCommerce, as well as the fact that more and more businesses are conducting transactions online.

One of the dangers of conducting business online is the risk of data breaches. In March of 2023, a critical security flaw was discovered in the WooCommerce Payments plugin for WordPress. This plugin is used by over 500,000 websites and, if left unpatched, could allow a bad actor to gain unauthorized access to admin functions. This would enable the attacker to take over the website completely, without any user interaction or social engineering required.

The vulnerability was discovered by Michael Mazzolini of Swiss penetration testing company GoldNetwork and resides in a PHP file called "class-platform-checkout-session.php". WooCommerce has released patched versions of the software (4.8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2) and has also worked with WordPress to auto-update sites using affected versions of the software.

In light of this discovery, WooCommerce has also decided to disable the WooPay beta program. This is a precautionary measure, as the security flaw has the potential to impact the payment checkout service.

As eCommerce continues to grow, it's important to be aware of the risks associated with it. Be sure to keep your software up to date and take precautions to prevent bad actors from gaining access to your website.
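Because the fix was shipped as a separate patch release for each minor branch, "is my site patched?" means "is the installed version at or above the patched release for its branch". The following is an added example, not code from the article or from WooCommerce, that triages a constructed site inventory against the patched versions listed above; the hostnames, the sample versions and the treatment of branches not in that list (reported as "unlisted", to be checked against the vendor advisory) are assumptions.

```python
# Added example: triage installed WooCommerce Payments versions against the
# patched releases named in the article. Not part of the original article.

# Patched releases from the article, one per minor branch.
PATCHED_VERSIONS = ["4.8.2", "4.9.1", "5.0.4", "5.1.3", "5.2.2",
                    "5.3.1", "5.4.1", "5.5.2", "5.6.2"]


def parse_version(version: str) -> tuple:
    """Turn '5.6.2' (or '5.6.2-beta') into a comparable tuple (5, 6, 2)."""
    core = version.strip().split("-")[0]          # drop pre-release suffix
    return tuple(int(part) for part in core.split("."))


# Map each minor branch (major, minor) to the first patched release in it.
PATCHED_BY_BRANCH = {parse_version(v)[:2]: parse_version(v)
                     for v in PATCHED_VERSIONS}


def patch_status(installed: str) -> str:
    """Return 'patched', 'vulnerable' or 'unlisted' for one installed version.

    'unlisted' means the branch is not in the article's patch list (assumed
    handling): verify it against the vendor advisory rather than trusting it.
    """
    version = parse_version(installed)
    fixed = PATCHED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return "unlisted"
    return "patched" if version >= fixed else "vulnerable"


def triage(sites) -> dict:
    """Group (hostname, version) pairs by patch status."""
    result = {"patched": [], "vulnerable": [], "unlisted": []}
    for host, version in sites:
        result[patch_status(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_SITES = [
    ("shop-a.example", "5.6.1"),   # one release short of the fix
    ("shop-b.example", "5.6.2"),   # exactly the patched release
    ("shop-c.example", "4.8.2"),   # patched on the oldest listed branch
    ("shop-d.example", "5.0.3"),   # behind 5.0.4
    ("shop-e.example", "6.0.0"),   # branch not covered by the list
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_SITES).items():
        print(f"{status:10s} {hosts}")
```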
