Millions of WordPress sites get affected due to WooCommerce vulnerability

WooCommerece recently announced that they had patched a much critical vulnerability. It is affecting millions of WordPress sites. The publishers who are using the WooCommerce plugin or the WooCommerce Blocks plugin need to update the plugin.

The vulnerability, SQL Injection Vulnerability, is very severe in various cases. This is why WooCommerce is pushing the update automatically for the affected publishers. The updates are automatic, but some publishers are reporting that some sites have not yet received the update.

This is why it is important to check for the manual updates in the WordPress sites if the update is still not complete. The Woocommece is urged to get an update to the highest version of it.

An SQL Injection is a vulnerability that allows a malicious hacker to affect the database. It can display information or behave in different ways than usual. According to WooCommerce, if a store gets affected, the information will be specified to what that particular site is storing. However, it cannot include the customer, order, and other administrative information.

The announcement of WordFence has noted that this is a kind of Blind SQL Injection vulnerability. This vulnerability allows also unauthenticated attackers to access the data in the database of an online store. The WordFence Threat Intelligence team had been able to develop proofs of the concept for the time-based and the boolean-based injections. It has also released an initial firewall rule from its Premium customers within a few hours.

There is currently no evidence of the widespread attacks which are compromising the sites of WooCommerce. WordFence has also found that there is very limited evidence for such attempts, and it is more likely that the attempts have been highly targeted.

The version branch means the number associated with the version that the publisher is using. A publisher can use a very old version or the latest version. Each of the versions like 3,4, 5 refer to the versions branch. Some users also asked if version 4.8.1 is safe or not. WooCommerece answered that they are highly recommended to ensure that your version is up to date. The 4.8.1 version has some vulnerability patches.