WordPress Issues Urgent Update to Fix Plug-In Security Breach

WooCommerce plug-in users were issued an automatic update to close a security vulnerability as fast as possible.

If you use the WooCommerce plug-in on WordPress, you likely dodged a pretty serious bullet, as a major security breach was detected that could have make your site vulnerable to cyberattacks.

Security breaches and data leaks are no longer a novelty on the web, with millions of people impacted on what feels like a daily basis. Subsequently, updating software has become increasingly important for individuals and organizations alike, as an out-of-date tool could spell doom for your financial situation.

WordPress is certainly no stranger to these kinds of problems, and another one has just popped up that could have caused some serious problems.

WordPress Forces Update for WooCommerce Plug-In Users

According to Cybersecurity researchers from GoldNetwork, WordPress websites that have the WooCommerce plug-in installed to accept payments were vulnerable to attack due to a security breach.

More specifically, the security vulnerability could have allowed hackers to “impersonate an administrator and completely take over a website without any user interaction or social engineering required.”

Fortunately, the problem was fixed so quickly and efficiently that no serious damage was done… this time.

“At this time, we have no evidence that the vulnerability was exploited beyond identifying it in our own security testing program. We do not believe any store or customer data was compromised as a result of this vulnerability. We immediately deactivated the impacted services and mitigated the issue for all websites hosted on WordPress.com, Pressable, and WPVIP.” – Beau Lebens, Head of Engineering at WooCommerce

Still, no security breach is a good security breach, and the news points to a continuing problem for WordPress and its millions of users.

Is WordPress Safe to Use?

WordPress is one of the most popular website builders in the world, largely due to its low price and robust blogging features. In fact, with 810 million sites powered by WordPress, it represents a staggering 43% of all the websites online. So why isn't it safer?

WordPress is a fairly bare-bones website builder compared to the likes of Wix and Squarespace, which means that users heavily rely on plug-ins to perform tasks like accepting payments. Unfortunately, plug-ins are a lot harder to regulate, which means that WordPress users have to deal with these kinds of security snafus from time to time.

Even worse, a recent study found that the massive library of plug-ins makes WordPress site owners that use them incredibly vulnerable to cyberattacks, with a 150% increase in security gaps since 2021.

“Vulnerabilities from plugins and themes remain as one of the biggest threats to websites built on WordPress.”

Simply put, there's a reason WordPress is so popular. It's affordable, easy to use, and great for blogging. Still, if you're a business that is likely going to need additional functionality like ecommerce and SEO tools, it's best to go with a website builder that doesn't rely on shaky plug-ins to get the job done.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Conor is the Lead Writer for Tech.co. For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at conor@tech.co.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals