- Jul 16, 2021
- by Paris Backston
As a web hosting company, A2 Hosting has the privilege and responsibility of ensuring the safety of all of our customers’ websites. On July 13, 2021, a critical vulnerability in the WooCommerce WordPress plugin was identified which allows unauthenticated website visitors to view all data contained within a WooCommerce store’s database.
WooCommerce was made aware of this vulnerability, which could potentially leak information like customer data, payment card information, and employee login information among others. They pushed out an update that that should be automatically applied to all installations of the WooCommerce plugin. Immediately following notification of this vulnerability, out of an abundance of caution and to ensure any customers whose plugins did not correctly update were safe, A2 Hosting pushed out another security mitigation rule which is designed to block any visitors attempting to take advantage of this vulnerability. This mitigation is designed to match the URL request pattern used by malicious actors to exploit this vulnerability and reject that request. All customers’ sites should have automatically been updated when WooCommerce pushed the update, our response was in case the update didn’t happen for whatever reason. This was a secondary protection measure. We urge WooCommerce users to check to make sure your WooCommerce version is updated to the latest to ensure compatibility with any upcoming updates. If you need any help with this please contact support.
We at A2 Hosting are committed to the security of our customers and are proactively monitoring any online threats that may impact your site. It is always our mission to protect your site and help keep you informed on ways you can keep your website secure and your personal information safe!