WooCommerce 10.5.3 has been released.
WooCommerce 10.5.3 includes important security hardening for the Store API batch endpoint.
Current Stable Tag
- Released — March 02, 2025
What’s in this release
Improves Store API batch endpoint security by fixing path validation that could allow malicious requests to bypass nonce checks. The fix properly parses the URL path and validates that it starts with /wc/store, ensuring batch requests only reach intended Store API endpoints. #63501
For more information on this update, please read our full advisory: Store API Vulnerability Patched in WooCommerce 5.4+ – What You Need To Know.
Leave a Reply