On March 10, 2022, the Woo Team announced a security patch for all branches of WooCommerce going back to version 3.5.
This patch fixed several security flaws discovered within the PayPal Standard payment gateway which was installed as default up through WooCommerce 5.4 and on sites where it was activated remains active through today. (The plugin is NOT installed or activated by default on new installations beginning with WooCommerce 5.5)
What Should You Do?
If you are on one of our WordPress Care Plans and still utilizing the PayPal Standard payment gateway, this security update has already been applied and we will work with you to migrate to the new PayPal Payments plugin.
If you manage your own site, it may automatically upgrade to the latest security release. If it hasn’t, you may follow our guide below to update. Further, if you still run the PayPal Standard gateway, instructions for migrating to PayPal Payments can be found below.
Finally, if you are running a version of WooCommerce prior to 3.5, you should strongly consider upgrading your site to the latest release. If that’s not possible, you should immediately stop using the PayPal Standard gateway and migrate to the new PayPal Payments gateway if you wish to continue using PayPal.
Note this vulnerability does not affect your site if you are not accepting PayPal on your site and PayPal is disabled or if you have previously upgraded or are using the new PayPal Payments plugin.
All ESC! Technologies Group clients who subscribe to one of our WordPress Care Plans were updated to WooCommerce 6.2.2 or 6.3.1 depending on the branch of WooCommerce currently installed on your site. There is nothing further you need to do.
We are continuing to monitor the situation and will keep you updated if there’s anything further you need to know about this as it relates to your website.
Links – Further Reading
If you’d like more information about the vulnerability:
https://developer.woocommerce.com/2022/03/10/woocommerce-3-5-10-6-3-1-security-releases/
https://docs.woocommerce.com/document/woocommerce-paypal-payments/paypal-payments-upgrade-guide/
https://woocommerce.com/products/woocommerce-paypal-payments/
Updating Your Site
If you’re not subscribed to one of ESC! Technologies Group’s WordPress Care Plans, then before upgrading you’ll want to be sure to:
1. Ensure compatibility with and/or Upgrade all your third party plugins.
2. Ensure compatibility with your theme and framework and upgrade if necessary.
3. Turn off any caching plugins you may have installed.
4. Perform a full backup of your site and database.
5. Upgrade WooCommerce to the latest version for your branch.
6. After the upgrade is complete, re-enable your caching plugins and test your site.
Current releases of WooCommerce can be found here: https://developer.woocommerce.com/releases/
If you have any questions, or would like to learn more about our WordPress care plans, please Contact Us.