July 15, 2021: WooCommerce SQL Injection Vulnerability and Explanation

The WooCommerce plugin, one of the first choices for e-commerce sites and marketplaces, stands well ahead of its competitors in many respects. Its growing user base has made the sites running the plugin more visible, and that visibility has whetted the appetite of attackers. WooCommerce, in my opinion, has built a very successful line of defense against these attacks, and the fact that it is open source helps any vulnerability to be identified quickly. So what is the recent SQL injection vulnerability that shook the WooCommerce ecosystem, and how do you protect against it? Let's answer these questions right away.


What is WooCommerce SQL Injection Vulnerability?

On July 14, 2021, WooCommerce released an emergency patch for an SQL injection vulnerability reported by Josh of DOS (Development Operations Security), a security researcher based in Richmond, Virginia. The vulnerability allows unauthenticated attackers to access arbitrary data in an online store's database.

WooCommerce is the leading eCommerce platform for WordPress and is installed on over 5 million websites. The WooCommerce Blocks feature plugin, installed on more than 200,000 sites, was also affected by the vulnerability and was patched at the same time.

If you haven't set the WooCommerce plugin to update automatically, I recommend you update WooCommerce immediately.

The vulnerability affects WooCommerce versions 3.3 through 5.5 and WooCommerce Blocks versions 2.5 through 5.5.

WooCommerce Takes Immediate Action Against Vulnerability

In the announcement made by WooCommerce, Beau Lebens, Head of Engineering at WooCommerce, said, "Upon learning of the issue, our team immediately conducted a thorough investigation, audited all relevant codebases, and created a patch fix for every affected version (90+ versions) that was automatically deployed to vulnerable stores."


Because of the critical nature of the vulnerability, the WordPress.org team is pushing mandatory automatic updates to vulnerable WordPress sites running these plugins. Site administrators on older versions can also update immediately with a single click. For example, if your site runs WooCommerce 5.3, you can update to 5.3.1 to minimize the risk of compatibility issues. The WooCommerce security announcement includes a table listing the patched release for each of the 90+ affected versions, and WooCommerce also maintains a useful and extensive update guide.

Has This Vulnerability Affected Your Store?

If you believe your site was exploited through this vulnerability, the WooCommerce team recommends resetting administrator passwords after updating, as an additional precaution. If you think your site may have been affected, reviewing your log files can give you clues.

Search your log files for requests to /wp-json/wc/store/products/collection-data or ?rest_route=/wc/store/products/collection-data whose query string contains SQL statements. Query strings containing %2525 (a percent sign that has been URL-encoded twice, so it only decodes to a plain '%' after a second pass) are also an indication that this vulnerability may have been exploited against your site.

According to Wordfence, all attacks observed so far come from just a few IP addresses:

107.173.148.66
84.17.37.76
122.161.49.71
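The log review described above can be scripted. The following is an added example written for this page, not code from WooCommerce, Wordfence or the original author. It assumes an Apache/nginx "combined"-style access log (the line format is an assumption), uses a heuristic list of SQL keywords that you should tune to your own traffic, and takes the three attacker IPs from the list above. The sample log lines are constructed for the demonstration and are not real traffic. It flags requests to the collection-data route (in either URL form) whose query string contains a literal %2525 or SQL keywords after double URL-decoding, and separately flags any request from the known attacker addresses.

```python
import re
from urllib.parse import parse_qs, unquote

# The REST route named in the advisory; reachable as /wp-json<ENDPOINT> or via ?rest_route=<ENDPOINT>.
ENDPOINT = "/wc/store/products/collection-data"

# Source addresses the page attributes to Wordfence's observations.
KNOWN_ATTACKER_IPS = {"107.173.148.66", "84.17.37.76", "122.161.49.71"}

# Heuristic SQL keyword list (assumption, not from the advisory); tune to your own traffic.
SQL_KEYWORDS = re.compile(r"\b(union|select|sleep|benchmark|information_schema|concat)\b", re.I)

# Apache/nginx "combined"-style access-log line (assumed format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for the demonstration; not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Jul/2021:10:01:02 +0000] "GET /wp-json/wc/store/products/collection-data?calculate_price_range=true HTTP/1.1" 200 512 "-" "Mozilla/5.0"
107.173.148.66 - - [15/Jul/2021:10:02:17 +0000] "GET /wp-json/wc/store/products/collection-data?q=1%2525%2520UNION%2520SELECT%25201 HTTP/1.1" 200 2048 "-" "python-requests/2.25"
84.17.37.76 - - [15/Jul/2021:10:03:44 +0000] "GET /?rest_route=%2Fwc%2Fstore%2Fproducts%2Fcollection-data&q=%2525 HTTP/1.1" 200 1024 "-" "curl/7.68.0"
122.161.49.71 - - [15/Jul/2021:10:05:09 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
this line is not an access-log entry and is skipped
"""


def targets_collection_data(target: str) -> bool:
    """True if the request target reaches the collection-data route by either URL form."""
    path, _, query = target.partition("?")
    if path.endswith("/wp-json" + ENDPOINT):
        return True
    # ?rest_route=... form; parse_qs URL-decodes the value for us.
    return any(v.startswith(ENDPOINT) for v in parse_qs(query).get("rest_route", []))


def query_indicators(target: str) -> list:
    """Indicators from the query string alone: a literal %2525, and SQL keywords after double-decoding."""
    _, _, query = target.partition("?")
    found = []
    if "%2525" in query:
        found.append("double-encoded-percent")
    # Decode twice: %2525 only becomes a plain '%' after the second pass, so anything
    # hidden behind it is invisible to a single-decode check.
    if SQL_KEYWORDS.search(unquote(unquote(query))):
        found.append("sql-keyword")
    return found


def scan_log(text: str) -> list:
    """One dict per suspicious line: endpoint requests with indicators, plus any traffic from known attacker IPs."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log entry
        target = m["target"]
        inds = query_indicators(target) if targets_collection_data(target) else []
        if m["ip"] in KNOWN_ATTACKER_IPS:
            inds.append("known-attacker-ip")
        if inds:
            hits.append({"ip": m["ip"], "time": m["ts"], "target": target, "indicators": inds})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["time"], hit["ip"], ",".join(hit["indicators"]), hit["target"])
```

Run it against your real access log by replacing SAMPLE_LOG with the file contents. The first sample line (a normal price-range query) is not reported, the two endpoint requests carrying %2525 are, and the unrelated wp-login.php request is reported only because its source address is on the attacker list; a request from an unknown address that merely touches the endpoint without these indicators is ordinary store traffic and stays quiet.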

Improve the Security of Your WordPress Site!


Sites with eCommerce functionality are a high-value target for many attackers, so it is critical that vulnerabilities in eCommerce platforms are fixed immediately to limit the potential damage. As both WordPress and WooCommerce have grown, more security researchers have turned their attention to WordPress-related products. The WooCommerce team's quick and thorough response to protect its users is a good sign for the continued security of eCommerce in the open source WordPress ecosystem.