WooCommerce 8.8.5 and 8.9.3: Dot Release and Backport Fixes

WooCommerce 8.8 and 8.9 have received important fixes.

The issue is present on pages that contain the Classic Checkout and allows for the injection of HTML and JavaScript into the page. See our developer advisory for more information.

These releases fix said issues.

Current Stable Tag

👉 WooCommerce 8.9.3

📆 Released June 10, 2024

What’s in this release

We’re releasing patches for 8.8 and 8.9 to address an XSS vulnerability found in these versions, which affects pages with the Classic Checkout. This vulnerability allows for the injection of HTML and JavaScript, posing a security risk. To mitigate this, patches have been included in WooCommerce 9.0 and backported to versions 8.8 and 8.9. Users running these versions are advised to update urgently to protect against potential attacks.

See our developer advisory for more information.

Other important information

👉 The new stable tag is now 8.9.3, and with it includes all the updates from the 8.9 release.

Get WooCommerce 8.9.3

👉 To upgrade: See our update guide or download the latest release from WordPress.org.

🐞 Found a Bug? Please submit a report it on GitHub.

Need an older version?

VersionDownload
8.9.3 (current)Zip
8.8.5Zip

Keep yourself in the loop!

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form


2 responses to “WooCommerce 8.8.5 and 8.9.3: Dot Release and Backport Fixes”

  1. Kaneda Avatar

    I have 8.9.3 installed but keep getting the message to update in admin… ?

  2. Hola,

    Creo que aun persiste el problema, luego de actualizar a la versión 8.9.3, tuve dos días son ningun problema. Ahora tengo el mismo inconveniente y tras desactivar WooCommerce la pagina web vuelve a estar operativa.

Leave a Reply

Your email address will not be published. Required fields are marked *