Action Required Email
-
Hey All,
I got an email that looks pretty darn official from WooCommerce, but something seems off to me.
It states that WooCommerce (Version 3.3 to 5.5) and WooCommerce Blocks plugin were compromised. There are a lot of links in the email and it appears to be sent by mail chimp with a strange return path. It also suggest upgrading WooCommerce to 5.5 (which 5.4.2 is the highest I can upgrade at the moment).
Normally I’d shrug off an email like this, but the design of the email is really good. Odds are it’s a scam, yeah? Or is there a security issue going on currently that I need to be concerned about?
Thanks in advance!
-
Hi @chumpi,
I’m updating this from my previous response, as indeed there has been a critical vulnerability detected in WooCommerce on July 13, 2021. You’ll find further details here:
https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
An email has been sent out to our WooCommerce mailing list as well. If the content of the email you received is the one in the below link then it’s a legit email from WooCommerce:
https://mailchi.mp/woocommerce/action-required-critical-vulnerability-woocommerce
Thanks.
- The topic ‘Action Required Email’ is closed to new replies.
