Is "WooCommerce" safe?

WooCommerce: Plugin Details

---

Type:	Plugin
Author:	Automattic
URL:	https://wordpress.org/plugins/woocommerce/
Latest Version:	6.9.4

 

WooCommerce: Security Information

---

Insecure versions:	Up To 6.6.0-rc.2
Known since:	2022-06-21 10:39:49

Insecure versions:	Up To 6.3.0
Known since:	2022-03-11 11:08:27

Insecure versions:	Up To 6.2.0
Known since:	2022-02-24 10:00:59

Insecure versions:	Up To 6.2.0
Known since:	2022-02-24 09:59:08

Insecure versions:	Up To 5.6.0
Known since:	2021-09-23 07:47:22

Insecure versions:	Versions 5.5.0 - 5.5.0
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 5.4.0 - 5.4.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 5.3.0 - 5.3.0
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 5.2.0 - 5.2.2
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 5.1.0 - 5.1.0
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 5.0.0 - 5.0.0
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.9.0 - 4.9.2
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.8.0 - 4.8.0
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.7.0 - 4.7.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.6.0 - 4.6.2
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.5.0 - 4.5.2
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.4.0 - 4.4.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.3.0 - 4.3.3
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.2.0 - 4.2.2
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.1.0 - 4.1.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 4.0.0 - 4.0.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.9.0 - 3.9.3
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.8.0 - 3.8.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.7.0 - 3.7.1
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.6.0 - 3.6.5
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.5.0 - 3.5.8
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.4.0 - 3.4.7
Known since:	2021-07-15 13:57:04

Insecure versions:	Versions 3.3.0 - 3.3.5
Known since:	2021-07-15 13:57:04

Insecure versions:	Up To 4.6.1
Known since:	2020-11-10 14:19:16
Description:	Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the “Allow customers to create an account during checkout” setting is disabled.

Insecure versions:	Up To 4.2.0
Known since:	2020-06-24 14:01:32

Insecure versions:	Up To 4.1.0-rc.2
Known since:	2020-05-19 03:20:40

Insecure versions:	Up To 3.7.0
Known since:	2019-10-28 03:24:25
Description:	See 3.7.1 change log

Insecure versions:	Up To 3.6.4
Known since:	2019-07-11 00:34:49

Insecure versions:	Up To 3.5.4
Known since:	2019-03-01 18:15:32

Insecure versions:	Up To 3.5.0
Known since:	2019-01-08 18:47:14

Insecure versions:	Up To 3.4.5
Known since:	2018-12-27 04:24:41

Insecure versions:	Up To 3.4.5
Known since:	2018-12-27 04:24:27

Insecure versions:	Up To 3.4.5
Known since:	2018-11-08 17:49:33

Insecure versions:	Up To 3.4.5
Known since:	2018-10-22 18:53:40

Insecure versions:	Up To 3.4.4
Known since:	2018-09-03 16:11:42

Insecure versions:	Up To 3.2.3
Known since:	2018-02-25 03:43:34

Insecure versions:	Up To 2.6.8
Known since:	2017-01-19 22:56:16

Insecure versions:	Up To 2.6.3
Known since:	2016-10-11 10:10:02

Insecure versions:	Up To 2.6.2
Known since:	2016-07-21 01:57:38
Description:	https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_woocommerce_using_image_metadata__exif_.html

Insecure versions:	Versions WooCommerce - 2.3.10
Known since:	2015-11-25 04:39:42

Insecure versions:	Up To 2.4.8
Known since:	2015-11-18 09:18:06

Insecure versions:	Up To 2.2.2
Known since:	2015-09-11 17:56:17
Description:	WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)

Insecure versions:	Up To 2.2.10
Known since:	2015-09-09 22:10:15

Insecure versions:	Versions 2.0.20 - 2.3.10
Known since:	2015-06-10 09:32:48
Description:	Object Injection via serialized data - Attackers can use the PayPal notification interface to execute code remotely. This issue was fixed in WooCommerce 2.3.11, and we strongly recommend upgrading as soon as possible.
Description:	WooCommerce 2.0.20 - 2.3.10 - Object Injection via serialized data

Insecure versions:	Up To 2.0.17
Known since:	2014-03-14 20:57:05
Description:	WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS
More Information:

Insecure versions:	Up To 2.0.12
Known since:	2014-03-14 20:57:05
Description:	WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
More Information:

Insecure versions:	Up To 2.0.12
Known since:	2014-03-14 20:57:05
Description:	WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
More Information:

 

WooCommerce: Safety Recommendations

---

We have rated WooCommerce as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of WooCommerce.

WooCommerce: Keeping Safe

---

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

• Automated Backups
  Full backup of your entire site with unlimited storage space.
• Restores & Migrations
  Restore or migrate your site from a backup with one click.
• Security Scanning
  Regular, automated scans of your site for malware, threats, and hacks.
• Expert Support
  Fast, priority support for any WordPress security issue.

Choose Your Plan