Quick Summary: A vulnerability was found in WooCommerce versions 8.1 through 10.4.2. There is no known exploitation, but you must update to v10.4.3 to protect guest customer data.
At GOZEN Host, your store’s security is our top priority. We are reaching out to inform you that a security vulnerability has been identified in WooCommerce, and a critical patch has been released to address it globally.
While there is currently no indication that this vulnerability has been exploited, we strongly recommend that all clients running WooCommerce version 8.1 or newer update to the latest version, 10.4.3, as soon as possible.
How to Update Your Store
If your store has automatic updates enabled, the patch may have already been applied. However, we recommend manually verifying your version to be safe:
- Log in to your WordPress admin dashboard.
- Navigate to Dashboard → Updates.
- Check your WooCommerce version.
- If your version is 10.4.3, you are protected, and no further action is required.
- If you see an “Update now” link, please click it immediately to secure your site.
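If you manage one or more stores from a shell, the same version check can be scripted. This is an added example, not tooling from GOZEN Host or WooCommerce; it assumes WP-CLI is installed, the function names and site paths are hypothetical, and the version boundaries are the ones stated in this advisory.

```shell
#!/bin/sh
# Added example: classify a WooCommerce version against this advisory's range
# (affected: 8.1 through 10.4.2, fixed: 10.4.3). Function names are hypothetical.
FIRST_AFFECTED="8.1"
FIXED="10.4.3"

# version_lt A B: succeeds when dotted version A is strictly lower than B.
# Missing components count as 0, so 8.1 and 8.1.0 compare equal.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if ((x[i] + 0) < (y[i] + 0)) exit 0
      if ((x[i] + 0) > (y[i] + 0)) exit 1
    }
    exit 1
  }'
}

classify_wc_version() {
  # Anything that is not a plain dotted number (empty output when the plugin
  # is missing, pre-release tags) is reported as unknown for manual review.
  if ! printf '%s' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){1,3}$'; then
    echo "unknown"
  elif version_lt "$1" "$FIRST_AFFECTED"; then
    echo "not-affected"
  elif version_lt "$1" "$FIXED"; then
    # The advisory says every affected branch received a patch but does not
    # list those releases, so this follows its advice: move to 10.4.3.
    echo "update-needed"
  else
    echo "protected"
  fi
}

# check_site PATH: read the installed version with WP-CLI and classify it.
check_site() {
  v=$(wp plugin get woocommerce --field=version --path="$1" 2>/dev/null)
  echo "$1: WooCommerce ${v:-not found} -> $(classify_wc_version "$v")"
}

# Usage: sh check-woo.sh /var/www/site1 /var/www/site2   (paths are placeholders)
# To apply the update on a flagged site: wp plugin update woocommerce --path=PATH
for site in "$@"; do
  check_site "$site"
done
```

A result of "unknown" means the plugin was not found or reports a non-standard version string, so check that site by hand in the dashboard.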
—
What Happened?
A vulnerability was recently discovered in the WooCommerce Store API. This flaw could allow a logged-in customer to view order details for “guest” customers (those who checked out without an account).
Our Technical Assessment:
- Specific Access Required: The exploit requires access to a particular API endpoint that is not easily discoverable.
- Limited Scope: It only affects information from guest customer orders.
- Account Required: An attacker would need to have a registered account on your store and be logged in to attempt the exploit.
- No Financial Data at Risk: No credit card numbers or sensitive financial details were exposed. Only general order info (names, emails, addresses, and items purchased) could have been involved.
Our Commitment to You
The WooCommerce team has released patches for all 23 affected versions (8.1 through 10.4.2). Our team at GOZEN Host is monitoring the situation closely to ensure our infrastructure remains secure and that our clients have the resources needed to stay protected.
Need assistance? If you are unsure how to update your plugins or encounter any issues during the process, our support team is standing by to help. Open a ticket through your GOZEN Host client area.
Thank you for being a part of the GOZEN Host community.
Best regards,
The GOZEN Host Security Team