Skip to main content

Attention all WooCommerce Payments users! On March 22, 2023, a critical vulnerability was discovered that could allow unauthorized admin access to your website. strongly advises updating your WooCommerce Payments immediately to ensure your website’s safety. Don’t have time to update? We can help – as professionals, we’ll ensure your website is secure.

If You Have WooCommerce Payments Installed, Please Follow These Steps:

  • If your website is hosted on, it is being updated to remove the vulnerability.
  • Websites with WooCommerce Payments 4.8.0 and higher installed and not hosted on need to ensure they have the latest version by checking the version number under the WooCommerce Payments plugin in the WP Admin dashboard. If a new version is available, it should be downloaded and installed.
  • After updating, it is recommended to check for any unexpected admin users or posts on the site and update passwords for admin users and payment gateway and WooCommerce API keys if necessary.

To Verify That Your Version is Up-to-Date

Check the list of patched WooCommerce Payments versions below. If your version is not on this list, update immediately:

  • 4.8.2
  • 4.9.1
  • 5.0.4
  • 5.1.3
  • 5.2.2
  • 5.3.1
  • 5.4.1
  • 5.5.2
  • 5.6.2

Passwords and Sensitive Information

While it is unlikely that your passwords were compromised, we suggest updating passwords for any Administrator users on your site who might have reused the same password on multiple websites. Also, change any private or secret data, such as API keys or payment gateway keys, stored in your WordPress/WooCommerce database.

A Note to Developers, Agencies, and Service Providers 

We urge you to share this information with your clients who have WooCommerce Payments installed. Make sure they are using the latest version of the plugin to ensure their protection.

A Note to Merchants

There is no indication that this vulnerability compromised store or customer data. WooCommerce is still safe to use. Keep monitoring our blog or newsletter for updates on this issue just in case.



Leave a Reply