A vulnerability related to WooCommerce (affected versions 3.3 to 5.5) and WooCommerce Blocks (affected versions 2.5 to 5.5) was discovered on the 13th of July and reported via the HackerOne security program. The exact details aren’t disclosed at the moment, but the WooCommerce team strongly recommends updating the system to the latest version available for your branch. To cover the vulnerability, WooCommerce prepared over 90 releases for all the available branches. The list of branches is available here.
The vulnerability investigation is still ongoing, so it is not clear if any data was compromised. Possibly affected information could include administrative information, customer and order data.
The WooCommerce team will share additional information, such as a way to recheck the vulnerability at your site. However, they still don't have all the information and are working to investigate this further. The notifications regarding this situation will be available in the WooCommerce blog.
In general, there is no need to worry since the WooCommerce team took care of the vulnerability really quickly. However, you still need to install the fix if your site is operated under one of the vulnerable versions.
