Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases (Security News, July 2021)

A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed.
The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday.
The related plugin affected by the bug is the WooCommerce Blocks feature, which is installed on more than 200,000 sites.
The vulnerability affects versions 3.3 to 5.5 of the WooCommerce plugin and versions 2.5 to 5.5 of the WooCommerce Blocks plugin.
"If your storefront is using WooCommerce version 5.3, you can update to version 5.3.1 to minimize the risk of compatibility issues."
WooCommerce is also recommending administrative password resets after updating to provide additional protection.
News URL
https://threatpost.com/zero-day-attacks-woocommerce-databases/167846/