WooCommerce 8.8.5 and 8.9.3: Dot Release and Backport Fixes

WooCommerce 8.8 and 8.9 have received important fixes.

The issue is present on pages that contain the Classic Checkout and allows for the injection of HTML and JavaScript into the page. See our developer advisory for more information.

These releases fix said issues.

Current Stable Tag

👉 WooCommerce 8.9.3

📆 Released June 10, 2024

What’s in this release

We’re releasing patches for 8.8 and 8.9 to address an XSS vulnerability found in these versions, which affects pages with the Classic Checkout. This vulnerability allows for the injection of HTML and JavaScript, posing a security risk. To mitigate this, patches have been included in WooCommerce 9.0 and backported to versions 8.8 and 8.9. Users running these versions are advised to update urgently to protect against potential attacks.

See our developer advisory for more information.

Other important information

👉 The new stable tag is now 8.9.3, and with it includes all the updates from the 8.9 release.

Get WooCommerce 8.9.3

👉 To upgrade: See our update guide or download the latest release from WordPress.org.

🐞 Found a Bug? Please submit a report it on GitHub.

Need an older version?

VersionDownload
8.9.3 (current)Zip
8.8.5Zip

Leave a Reply

Your email address will not be published. Required fields are marked *