San Diego SEO Blog

WooCommerce 2.3.11 Patches Object Injection Vulnerability

on June 12, 2015

WooCommerce 2.3.11 patches an object injection vulnerability discovered by Sucuri. According to the security research company, the vulnerability is only present when the PayPal Identity Token option is set in WooCommerce.

Researchers used a combination of WordPress and WooCommerce components with a known PHP bug and were able to download critical files, including wp-config.php which has sensitive information. Versions 2.0.20 – 2.3.10 are considered vulnerable.

In addition to the patch, the release also has a number of bug fixes. If you haven’t already, update as soon as possible.

Source: WP Tavern

WooCommerce 2.3.11 Patches Object Injection Vulnerability

Related Posts

Take a look at these posts