The security update WooCommerce 3.4.5 was released on August 29. It is important to update your shop as soon as possible, because without this update your shop is vulnerable to hackers. The fixed object injection vulnerability could only be exploited by users who can edit attributes, but still. Besides this fix, there are also other fixes to enhance the usability of WooCommerce.
- Tweak sanitization when resetting password cookie.
- Use `+` instead of `array_merge` when appending parent to tax class to fix issues with numeric tax class names.
- Correct translation for North Khorasan.
- Unify scroll-to notices for all browsers.
- Prevent multiple slashing of variation’s SKU.
- Variation image in fullscreen now shows correct caption for the respective image.
- Vertically center admin order action buttons.
- Correct context for shipping packages translation.
- Add permission checks for installing Jetpack on the setup wizard.
- Use refund currency instead of store default currency when displaying refund amount in the edit order screen.
- Fix a typo in REST API customer schema.
- Use entire sentence for checkout address_2 placeholder string.
- Only suppress comments number on unsupported theme shop page.
- Don’t allow users without manage_product_terms permissions to create categories using the product importer.
- Correct sale coupon restriction logic.
Remember to keep your WooCommerce shop up to date and backup your site regularly.
(Picture Courtesy of Yuri Samoilov)
