WordPress websites vulnerable to WooCommerce plugin flaw, update now!

WordPress websites vulnerable to WooCommerce plugin flaw, update now!

A dangerous flaw has been found with the popular WordPress plugin WooCommerce that could allow an attacker with access to a single account to take over an entire site.

The vulnerability works with the attacker gaining access via a phishing attack or as an inside job, then the attacker could use a weakness in the log file deletion routine to delete woocommerce.php, taking down the site and causing WordPress to disable the plugin.

If you are running WooCommerce version 3.4.5 or earlier then you need to update WooCommerce via your WordPress Dashboard.

As with all updates to WordPress or WooCommerce, it is always advised to back up your WordPress website and database first.