On May 28, 2024, Woo’s engineering team discovered an issue within WooCommerce (version 7.8 and above) that allowed certain visitor data to be unintentionally collected by Automattic, Woo’s parent company.
This issue only occurred on WooCommerce stores that have data tracking enabled and are not connected to Jetpack.
The specific visitor data collected by Automattic included the visitor’s IP address, timestamp, referrer, user agent, and other HTTP-specific details. No sensitive customer, user, or payment data was collected due to this issue.
The collected data logs were stored securely on Automattic’s servers. The data is not accessed externally, and all data from stores with the patched WooCommerce version active will be deleted in the next few days based on Automattic’s default 14-day retention policy.
The Woo engineering team developed and released a patch for WooCommerce on June 4, 2024 that addresses this issue. Woo merchants who use auto-updates should already have the patch installed and no further action is required.
About the problem
With the release of WooCommerce 7.8, an external file (in this case https://stats.wp.com/w.js) was requested from the store’s frontend. When this file was unintentionally requested, details about the request (including the visitor data mentioned above) were logged in server request logs on servers hosted on Automattic infrastructure.
Woo’s engineering team addressed this issue by creating a patch version of WooCommerce 7.0 to 8.9. The update was released on June 4, 2024.
For details, see the advice for developers on the Woo Developer Blog.
How do I know if my store is affected?
To determine if your WooCommerce installation is affected by this issue, check which version of WooCommerce you’re running. If your site runs a version of WooCommerce from 7.8.0 to 8.9.1 and you have tracking enabled on your store, it may be affected. If your store is connected to Jetpack, the “https://stats.wp.com/w.js” file may be loaded when certain features are active (e.g. Jetpack Search).
How can I secure my store?
The Woo team released a WooCommerce patch to resolve this issue on June 4, 2024. We recommend that you make sure that your store has the latest patch version of WooCommerce active.
Latest patch versions for WooCommerce 7.0 to 8.9 (download the latest release from WordPress.org):
8.9.2 | 8.8.4 | 8.7.1 | 8.6.2 | 8.5.3 | 8.4.1 |
8.3.2 | 8.2.3 | 8.1.2 | 8.0.4 | 7.9.1 | 7.8.3 |
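The check described above, written out as an added example (not Woo's or Automattic's code): it applies the affected-range test and the patch list to a store inventory and looks for the w.js request in front-page HTML. The store names, versions, HTML snippets and status strings are constructed for illustration.

```python
import re

# Fixed release for each affected minor branch, copied from the advisory's list.
PATCHED = {
    "8.9": "8.9.2", "8.8": "8.8.4", "8.7": "8.7.1", "8.6": "8.6.2",
    "8.5": "8.5.3", "8.4": "8.4.1", "8.3": "8.3.2", "8.2": "8.2.3",
    "8.1": "8.1.2", "8.0": "8.0.4", "7.9": "7.9.1", "7.8": "7.8.3",
}
# A <script> tag whose src points at the file named in the advisory.
W_JS = re.compile(r"""<script[^>]+src=["'](?:https?:)?//stats\.wp\.com/w\.js""", re.I)

def parse(version):
    """'8.5.1' -> (8, 5, 1); a suffix such as '-rc.1' is ignored."""
    nums = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not nums:
        raise ValueError("unrecognised version: %r" % version)
    return tuple(int(n or 0) for n in nums.groups())

def assess(version, tracking_enabled):
    """Classify one store by the advisory's criteria (version range + tracking)."""
    v = parse(version)
    fixed = PATCHED.get("%d.%d" % v[:2])
    if fixed is None:
        return "outside-affected-range"
    if v >= parse(fixed):
        return "patched"
    prefix = "affected" if tracking_enabled else "tracking off"
    return prefix + ", update to " + fixed

def requests_w_js(html):
    """True if the HTML references w.js. On a Jetpack-connected store this can
    be expected, since some features (e.g. Jetpack Search) load the file."""
    return bool(W_JS.search(html))

# Constructed inventory: (store, WooCommerce version, tracking enabled, front-page HTML)
STORES = [
    ("shop-a", "8.5.1", True, '<script src="https://stats.wp.com/w.js?ver=1" defer></script>'),
    ("shop-b", "8.9.2", True, '<script src="/wp-includes/js/jquery/jquery.min.js"></script>'),
    ("shop-c", "7.7.2", True, ""),
    ("shop-d", "7.8.0", False, ""),
]

def audit(stores):
    return {name: (assess(ver, tracking), requests_w_js(html))
            for name, ver, tracking, html in stores}

if __name__ == "__main__":
    for name, result in audit(STORES).items():
        print(name, *result)
```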
Out of an abundance of caution, we are proactively reaching out to Woo merchants about this update as part of our commitment to data privacy. Again, no sensitive information was accessed and all specific visitor data collected was stored temporarily and securely on Automattic’s servers.
If you have any further concerns or queries, our team of Happiness Engineers is here to help. Open a support ticket.