Is "WooCommerce" safe?

WordPress Plugin security and safety information.

Rating: Good (current version safe) Recommendations

WooCommerce: Plugin Details

Type:	Plugin
Author:	Automattic
URL:	https://wordpress.org/plugins/woocommerce/
Latest Version:	3.6.5

WooCommerce: Security Information

Insecure versions:	Up To 3.7.0
Known since:	2019-10-28 03:24:25
Description:	See 3.7.1 change log

Insecure versions:	Up To 3.6.4
Known since:	2019-07-11 00:34:49

Insecure versions:	Up To 3.5.4
Known since:	2019-03-01 18:15:32

Insecure versions:	Up To 3.5.0
Known since:	2019-01-08 18:47:14

Insecure versions:	Up To 3.4.5
Known since:	2018-12-27 04:24:41

Insecure versions:	Up To 3.4.5
Known since:	2018-12-27 04:24:27

Insecure versions:	Up To 3.4.5
Known since:	2018-11-08 17:49:33

Insecure versions:	Up To 3.4.5
Known since:	2018-10-22 18:53:40

Insecure versions:	Up To 3.4.4
Known since:	2018-09-03 16:11:42

Insecure versions:	Up To 3.2.3
Known since:	2018-02-25 03:43:34

Insecure versions:	Up To 2.6.8
Known since:	2017-01-19 22:56:16

Insecure versions:	Up To 2.6.3
Known since:	2016-10-11 10:10:02

Insecure versions:	Up To 2.6.2
Known since:	2016-07-21 01:57:38
Description:	https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_using_image_metadata__exif_.html

Insecure versions:	Versions WooCommerce - 2.3.10
Known since:	2015-11-25 04:39:42

Insecure versions:	Up To 2.4.8
Known since:	2015-11-18 09:18:06

Insecure versions:	Up To 2.2.2
Known since:	2015-09-11 17:56:17
Description:	WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)

Insecure versions:	Up To 2.2.10
Known since:	2015-09-09 22:10:15

Insecure versions:	Versions 2.0.20 - 2.3.10
Known since:	2015-06-10 09:32:48
Description:	Object Injection via serialized data - Attackers can use the PayPal notification interface to execute code remotely. This issue was fixed in WooCommerce 2.3.11, and we strongly recommend upgrading as soon as possible.
Description:	WooCommerce 2.0.20 - 2.3.10 - Object Injection via serialized data

Insecure versions:	Up To 2.0.17
Known since:	2014-03-14 20:57:05
Description:	WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS
More Information:

Insecure versions:	Up To 2.0.12
Known since:	2014-03-14 20:57:05
Description:	WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
More Information:

Insecure versions:	Up To 2.0.12
Known since:	2014-03-14 20:57:05
Description:	WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
More Information:

WooCommerce: Safety Recommendations

We have rated WooCommerce as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of WooCommerce.

WooCommerce: Staying Up-to-date

Make sure your installation of WooCommerce is safe with the following free Jetpack services for WordPress sites:

Updates & Management
Turn on auto-updates for WooCommerce or manage in bulk.
Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

WooCommerce: Keeping Safe

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

Automated Backups
Full backup of your entire site with unlimited storage space.
Restores & Migrations
Restore or migrate your site from a backup with one click.
Security Scanning
Regular, automated scans of your site for malware, threats, and hacks.
Expert Support
Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information

This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.