WooCommerce 8.8.5 and 8.9.3: Dot Release and Backport Fixes

Pi Avatar
Pi

WooCommerce 8.8 and 8.9 have received important fixes.

The issue is present on pages that contain the Classic Checkout and allows for the injection of HTML and JavaScript into the page. See our developer advisory for more information.

These releases fix said issues.

Current Stable Tag

👉 WooCommerce 8.9.3

📆 Released June 10, 2024

What’s in this release

We’re releasing patches for 8.8 and 8.9 to address an XSS vulnerability found in these versions, which affects pages with the Classic Checkout. This vulnerability allows for the injection of HTML and JavaScript, posing a security risk. To mitigate this, patches have been included in WooCommerce 9.0 and backported to versions 8.8 and 8.9. Users running these versions are advised to update urgently to protect against potential attacks.

See our developer advisory for more information.

Other important information

👉 The new stable tag is now 8.9.3, and with it includes all the updates from the 8.9 release.

Get WooCommerce 8.9.3

👉 To upgrade: See our update guide or download the latest release from WordPress.org.

🐞 Found a Bug? Please submit a report it on GitHub.

Need an older version?

VersionDownload
8.9.3 (current)Zip
8.8.5Zip

Keep yourself in the loop!

Sign up for the WooCommerce developer newsletter:
Hidden
Hidden
Hidden

2 responses to “WooCommerce 8.8.5 and 8.9.3: Dot Release and Backport Fixes”

  1. Kaneda Avatar
    Kaneda

    I have 8.9.3 installed but keep getting the message to update in admin… ?

    Reply
  2. Cristian Fuentes Avatar
    Cristian Fuentes

    Hola,

    Creo que aun persiste el problema, luego de actualizar a la versión 8.9.3, tuve dos días son ningun problema. Ahora tengo el mismo inconveniente y tras desactivar WooCommerce la pagina web vuelve a estar operativa.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *