WPLift is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

Weekly WordPress News and Updates: Mass attack on WordPress sites targets bug in WooCommerce plugin!

Last Updated on July 21st, 2023


If you run an online store powered by WordPress and WooCommerce, you might want to check if your site is secure. A recent campaign by threat actors has exploited a critical vulnerability in the WooCommerce Payments plugin, which enables users to accept card payments on their sites. The vulnerability, patched in March, allows attackers to impersonate administrators and take over WordPress sites.

According to Wordfence, a WordPress security firm, the attacks began on July 14 and peaked at 1.3 million attacks against 157,000 sites on July 16. The attackers used a sophisticated technique of reconnaissance and persistence, installing malicious plugins and code on compromised sites.

Wordfence recommends updating the WooCommerce Payments plugin to the latest version (5.6.2 or higher) and scanning your site for any signs of compromise. You can also use Wordfence’s firewall to block any attempts to exploit the vulnerability.

// Team WPLift




A team of WordPress experts that love to test out new WordPress related software, WordPress plugins and WordPress themes.