According to new research by Simon Scannell, a researcher at the PHP security firm RIPS Tech, installing WooCommerce creates a Shop Manager role. The Shop Manager user role has the “edit_users” WordPress capability enabled. This capability allows users who hold it to edit any WordPress user.
However, there is good news. This vulnerability was fixed on October 11th with the release of WooCommerce version 3.4.6.
If you have a WooCommerce-based eCommerce website, it is important to check the version of the installed plugin. Should you discover that it is older than version 3.4.6, upgrade to the latest version of WooCommerce to help prevent this potential security risk.
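One way to run that version check from the command line, as an added example that is not part of the original article or of WooCommerce itself. It assumes the default WordPress layout, where the plugin's main file is `wp-content/plugins/woocommerce/woocommerce.php`; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 4, 6)  # first fixed release named in the article
# Assumption: default plugin location relative to the WordPress root.
PLUGIN_FILE = "wp-content/plugins/woocommerce/woocommerce.php"
# WordPress reads plugin metadata from a comment header in the main plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def installed_version(plugin_file):
    """Return the Version header of a plugin file, or None if it has none."""
    text = Path(plugin_file).read_text(encoding="utf-8", errors="replace")
    match = HEADER_RE.search(text[:8192])  # WordPress only scans the first 8 KiB
    return match.group(1) if match else None


def parse_version(version):
    """Split '3.4.10' or '3.4.6-rc.1' into ((3, 4, 10), is_prerelease)."""
    match = re.match(r"(\d+(?:\.\d+)*)(.*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(part) for part in match.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad '3.5' to (3, 5, 0)
    return nums, bool(match.group(2))


def needs_upgrade(version):
    """True if the version predates 3.4.6. Compared numerically, so 3.4.10 is newer."""
    nums, prerelease = parse_version(version)
    # A pre-release of 3.4.6 itself is treated as older than the fixed release.
    return nums < FIXED or (nums == FIXED and prerelease)


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    plugin = root / PLUGIN_FILE
    if not plugin.is_file():
        sys.exit(f"WooCommerce not found at {plugin}")
    version = installed_version(plugin)
    if version is None:
        sys.exit(f"No Version header found in {plugin}")
    state = "UPGRADE NEEDED" if needs_upgrade(version) else "ok"
    print(f"WooCommerce {version}: {state}")
    sys.exit(1 if state != "ok" else 0)
```

Pass the WordPress root directory as the only argument; the exit status is non-zero when the installed version is older than 3.4.6, so the script can be used in a scheduled check across several sites.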