Auto-updating Woocommerce Plugin when “auto-updates” is OFF?

  • Resolved +ES

    (@evelynmsdesigngraphicscom)


    Hello,

    I have all auto-updates turned off for plugins on my site but I got an email from the system stating that the Woocommerce Plugin automatically updated to v 5.5.1… Are you guys forcing this plugin to auto-update (due to the Critical vulnerability in WooCommerce issue that you emailed out this morning, 07/15/21)? Or is that “forced auto-update” indicating the site was hacked?

Viewing 15 replies - 1 through 15 (of 16 total)
  • Could it be your host? I know WP Engine is automatically updating these.

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    All Woo users received the forced update.

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Thank you for the super quick response!
    I have 2 sites with different hosting; both auto updated
    1 site updated to v 5.5.1 (hosting A)
    Other site updated to v 5.5.2 (hosting B)
    I will reach out to them, but in the meantime… Is there really a v 5.5.2? Or should it all be v 5.5.1?

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Forced to 5.5.1 or 5.5.2??

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    5.5.1 seems to be the latest version. I just did a download and looked at the version number.

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Thank you – so does that mean my site is hacked when it shows Woocommerce Plugin v 5.5.2? (in your opinion)

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    Dunno; I’ve asked in the “backroom”. Do you have a plugin like WordFence installed you could use to scan your site?

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    There is no 5.5.2, so what I’d do:

    1. Back up everything.
    2. via FTP or the file manager app of your hosting control panel, delete wp-content/plugins/woocommerce
    3. download a new copy of woocommerce from here.
    4. unzip locally.
    5. Upload the resulting woocommerce directory back to wp-content/plugins (via FTP or your hosting control panel).
    6. Run a scan on your site using WordFence.
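
As an added example (not part of the original post and not WooCommerce or WordPress code): a Python sketch of the check that steps 3 to 5 make possible, comparing the installed `wp-content/plugins/woocommerce` directory against the freshly unzipped copy and reading the `Version:` header from each. The function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def plugin_version(plugin_dir, main_file="woocommerce.php"):
    """Read the 'Version:' header that WordPress shows on the Plugins screen."""
    text = (Path(plugin_dir) / main_file).read_text(errors="replace")[:8192]
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def file_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(installed, reference):
    """Report version headers and files that differ from the reference copy."""
    inst, ref = file_hashes(installed), file_hashes(reference)
    return {
        "installed_version": plugin_version(installed),
        "reference_version": plugin_version(reference),
        "modified": sorted(f for f in inst.keys() & ref.keys() if inst[f] != ref[f]),
        "extra": sorted(inst.keys() - ref.keys()),      # on the site, not in the download
        "missing": sorted(ref.keys() - inst.keys()),    # in the download, not on the site
    }

def demo():
    """Constructed sample trees: the installed copy reports 5.5.2 and has one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp, "reference", "woocommerce")
        inst = Path(tmp, "installed", "woocommerce")
        for d in (ref, inst):
            (d / "includes").mkdir(parents=True)
            (d / "includes" / "class-woocommerce.php").write_text("<?php // core\n")
        header = "<?php\n/**\n * Plugin Name: WooCommerce\n * Version: {}\n */\n"
        (ref / "woocommerce.php").write_text(header.format("5.5.1"))
        (inst / "woocommerce.php").write_text(header.format("5.5.2"))
        (inst / "includes" / "unexpected.php").write_text("<?php // not in reference\n")
        return compare(inst, ref)

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run `compare()` on a downloaded copy of the site's plugin directory (taken before step 2 deletes it) and the unzipped reference; any entry under `modified` or `extra` is a file to inspect before trusting a clean scan.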

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Yes, I have both WordFence and BlogVault Security on both sites and used both to scan and everything comes up “okay” – so I do not think they are hacked. But one was showing Woocommerce v 5.5.2 after the forced update (and still had the “update to 5.5.1” button showing as well). That one I clicked to “update to v5.5.1” (even though it said it was already at v 5.5.2); it successfully updated to v 5.5.1.

    I am confused about the higher version showing after the forced update and still showing the “need to update to v 5.5.1” even though it was already showing a higher version as being active.

    Any thoughts about that?
    Thank you!

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Also, the site with WP Engine showed the forced update to v 5.5.1
    the site with GoDaddy showed the forced update to v 5.5.2

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    Are you sure it wasn’t 5.4.2, not 5.5.2? Older versions also were updated.

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    I am certain – I had previously updated them to the most recent version just a few days ago and then the Critical Vulnerability email came out and then I started getting the auto-update emails and I then went to the sites and one said “5.5.1” and had no “update” button and the other said “5.5.2” and had the “update to 5.5.1” button – which I thought was very odd since it said it was already at a higher version, and when I clicked the update it changed to “5.5.1” – then I reached out to you guys to see what’s what…
    All scans still say “not hacked” so… should I just let it go? (in your opinion)
    Thank you.

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Or should I reach out to GoDaddy?

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    Definitely check with them; they may have done something on their own.

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Okay, thank you very much for your super quick responses and time with me!
