WooCommerce Forced Update

  • Resolved bratan

    (@bratan)


    3 years, 4 months ago

    Despite all autoupdates turned off on my site, WooCommerce and WooCommerce Blocks got automatically updated yesterday to latest version 5.5.1
    Later that day I received e-mail about CRITICAL vulnerability.
    On one hand I’m glad it got patched, on the other hand what the heck? Does it mean they can override my settings and update at will? How does it happen? Am I missing something?
    screenshot

    • This topic was modified 3 years, 4 months ago by bratan.
    • This topic was modified 3 years, 4 months ago by bratan.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Shaun Kuschel a11n

    (@shaunkuschel)

    Automattic Happiness Engineer

    Hey @bratan,

    In cases of critical vulnerabilities like this, it isn’t uncommon for hosting companies to apply the updates for their customers, so I would suggest checking to see if that may have been what happened. Usually they send an email when that is done to notify their users, but if you don’t see that I would contact your host to confirm whether this was the case or not.

    Thread Starter bratan

    (@bratan)

    I use self hosted solution, and my hosting company doesn’t have access to particular installation of the WordPress on my site.

    Plugin Support Shaun Kuschel a11n

    (@shaunkuschel)

    Automattic Happiness Engineer

    Hey @bratan,

    In that case, it sounds like your site was included in the automatic update that was deployed by our devs (who were working with the www.remarpro.com team), as mentioned in this post that said:

    Upon learning about the issue, our team immediately conducted a thorough investigation, audited all related codebases, and created a patch fix for every impacted version (90+ releases) which was deployed automatically to vulnerable stores.

    Plugin Support lionel.a11n

    (@lioneldaniel)

    Hi @bratan,

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – we’ll be here if and/or when you are ready to continue.

    Cheers!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WooCommerce Forced Update’ is closed to new replies.