WooCommerce security fix

The popular WordPress e-commerce plugin WooCommerce just released an important security patch. The security flaw, discovered by FortiGuard Labs, exposed a Cross-Site Scripting (XSS) opportunity. According to FortiGuard, the vulnerability “allows users with the contributor or higher permission to insert arbitrary HTML/Javascript into WooCommerce pages by changing image caption or uploading a crafted image file.”

Because of the nature of this vulnerability, a user needs a WordPress login to your site to take advantage of it. If you have a small, trusted team, perhaps this isn’t an urgent fix. However, if your team uses weak passwords—or uses the same login on other sites—you might already be compromised and not know it.

Announced on February 20, this bug affects WooCommerce versions 3.5.4 and earlier. If your website uses WooCommerce, please update your plugin as soon as possible. The easiest update method is to visit your dashboard and click on Updates. You can find this link near the top of the left side navigation. Follow the instructions to update WooCommerce. You can also download the latest version from WooCommerce.

How BitSalt Can Help

Discoveries like this highlight the need for frequent software updates on your website. While nearly all WordPress sites have a few plugins, some sites might have 20 or more. Good plugin developers are always adding features or improving existing ones. And security flaws are a constant cat-and-mouse game between developers and hackers.

BitSalt hosting plans include weekly software updates and immediate security updates. Software security isn’t usually on the mind of most small business owners. Unless you have dedicated website staff, issues like this can go unnoticed for weeks or more. With BitSalt as your hosting partner, you get real-time protection against threats. We watch threat databases and know within minutes of a new potential risk to your site. Whether it’s a WooCommerce security fix like this or a core WordPress update, that means greater protection and less downtime for your website. If you’re unsure about your website security, contact us today and we’ll discuss your specific needs.
