WooCommerce Core

WooCommerce Beta Tester Plugin — Vulnerability Found

We have recently discovered a vulnerability in the WooCommerce Beta Tester Plugin that allows an attacker to execute arbitrary queries if they have the Shop Manager or Administrator roles. Since this requires a privilege escalation, the severity of the vulnerability is greatly reduced. However, due to non-compliance with the WordPress Plugin Guidelines, we have decided to remove the plugin from

Removing The Plugin

The WooCommerce Beta Tester Plugin provides a user interface for testing pre-release and past versions of WooCommerce. Despite its useful features, including the ability to test branches from GitHub (not available in the release), the plugin is no longer compliant with the WordPress Plugin Guidelines and will not be updated on going forward.

The plugin is not widely used and is not intended for use on production sites. Therefore, maintaining a separate, compliant version of the plugin does not make sense. However, we will continue to maintain the plugin on GitHub and release updates there.

What actions do I need to take?

If you are currently using the WooCommerce Beta Tester Plugin, you should remove it from your WordPress sites. To do this, go to your WordPress dashboard, navigate to ‘Plugins’, find ‘WooCommerce Beta Tester Plugin’, and click ‘Deactivate’. Once deactivated, you will have the option to ‘Delete’ the plugin. Please make sure to back up your site before making these changes.

For those who are interested in continuing to use this plugin, you can download it from where you will be able to receive the latest updates. This version contains the latest features and a fix for this security vulnerability. You will also continue to have the ability to test the latest pre-release versions of WooCommerce using the download link in each announcement blog post.

We advise all users to regularly update their plugins to ensure they’re protected from potential security issues. Your security is our priority and we appreciate your prompt attention to this matter.
