If you’re currently using the WooCommerce plugin by WooThemes, we recommend immediately updating the plugin on all your sites to version 2.3.6.
After an SQL injection vulnerability was discovered today, the WooThemes team immediately put out a patch with a security fix.
WooCommerce is installed on over 1 million active WordPress websites […] The specific issue is an SQL injection vulnerability in the admin panel […] Because this vulnerability requires either a Shop Manager or Admin user account, it would need to be combined with an XSS attack in order to be exploited.
The best way to protect your site is by updating the plugin to the latest version (v.2.3.6).
Update The Plugin On All Your Sites Now with Sync
To update the WooCommerce plugin on all your sites, Sync users can log in now to update. You can also manually update the plugin after logging in to your WordPress dashboard. You’ll see the v2.3.6 update for WooCommerce available from your Updates menu.
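To confirm which sites still need the update, the following added example (not code from this post or from WooThemes) reads the installed plugin version from disk and flags anything older than 2.3.6. It assumes the standard WordPress layout, with the plugin's main file at `wp-content/plugins/woocommerce/woocommerce.php` carrying a `Version:` header; the function names are illustrative.

```sh
#!/bin/sh
# Added example: flag WordPress roots whose WooCommerce is older than 2.3.6.
# Assumes the standard plugin layout and header; function names are illustrative.
FIXED_VERSION="2.3.6"   # patched release named in the advisory

# Succeeds when dotted version $1 is strictly lower than $2.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-beta"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print the Version: header of the WooCommerce install under WordPress root $1.
woocommerce_version() {
    f="$1/wp-content/plugins/woocommerce/woocommerce.php"
    [ -r "$f" ] || return 1
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][^[:space:]]*\).*$/\1/p' "$f" | head -n 1
}

# Classify one WordPress root; prints "<status> <version> <root>".
audit_site() {
    root=$1
    if ! ver=$(woocommerce_version "$root"); then
        echo "not-installed - $root"
    elif [ -z "$ver" ]; then
        echo "unknown - $root"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE $ver $root"
    else
        echo "ok $ver $root"
    fi
}

# Audit every WordPress root given on the command line.
for site in "$@"; do
    audit_site "$site"
done
```

Pass one or more WordPress root directories as arguments; any line starting with `VULNERABLE` identifies a site that still needs the update to 2.3.6.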