Categories
WooCommerce Core

WooCommerce 3.5.8 security release

WooCommerce 3.5.8 is now available. Since this release contains fixes to harden security, we encourage you to update your stores as soon as possible.

~7 commits made it into this release and the full changelog is below.

* Security - Added escaping for states on the user profile screen.
* Security - Added escaping for PhotoSwipe captions.
* Security - Added escaping for SelectWoo selected options.

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here. Comments on this post are closed.

By Mike Jolley

Mike Jolley is a PHP and JavaScript developer who contributes to open source projects including WordPress and WooCommerce. He lives with his wife and child near Cambridge in the UK.