Emergency Plugin Update | WordPress.org

JackTheKnife
(@scyzor)

8 years, 10 months ago

I have got an email notification from my hosting company that I need to upgrade wooCommerce to the most recent version (2.3.11) because recent hack was found in older versions of this plugin which allows an attacker to perform an Object Injection which allows the attacker to download any file from your account with no authentication required.

My question is which previous version is this hack related to? As far I know there were major changes to wooCommerce plugin in version 2.3 but if I have running pre-2.3 version does the site is still vulnerable?

https://wordpress.org/plugins/woocommerce/

Viewing 1 replies (of 1 total)

Thread Starter JackTheKnife
(@scyzor)

8 years, 10 months ago

Found that useful: http://www.wordfence.com/blog/2015/03/woocommerce-sql-injection-vulnerability/

Viewing 1 replies (of 1 total)

The topic ‘Emergency Plugin Update’ is closed to new replies.

In: Plugins
1 reply
1 participant
Last reply from: JackTheKnife
Last activity: 8 years, 10 months ago
Status: not resolved