WooCommerce Patches Critical SQL Injection Vulnerability

The WooCommerce team announced on July 15th, 2021, that WooCommerce (v3.3 through v5.5.0) and the WooCommerce Blocks feature plugin (v2.5 through v5.5.0) were affected by a critical SQL injection vulnerability reported by HackerOne.

Currently, WordPress.org is forcing automatic updates on vulnerable sites, which is not a very common practice for addressing security issues affecting a large number of sites.

While merchants have the option to run the automatic update, they should make sure their stores are running the latest version (5.5.1).



If you have not updated WooCommerce or WooCommerce Blocks, you should do so immediately, even though no signs of exploitation have been detected so far.

The WooCommerce team encourages merchants who might be vulnerable to exploitation to update their passwords after installing the patched version as a precautionary measure.

A day after this vulnerability was discovered, it was patched properly, which is great news for WooCommerce store owners. 
