---
title: "WooCommerce Object Injection Vulnerability"
description: "Object Injection Vulnerability on versions 2.3.11 and lower Issue: An Object Injection vulnerability has been discovered in WooCommerce. Status: Update has been released. Who is impacted? Anyone..."
url: https://www.inmotionhosting.com/support/edu/wordpress/woocommerce/woocommerce-object-injection/
date: 2015-06-11
modified: 2020-12-28
author: "Scott Mitchell"
categories: ["WooCommerce"]
type: post
lang: en
---

# WooCommerce Object Injection Vulnerability

## Object Injection Vulnerability on versions 2.3.11 and lower

| Issue: | An Object Injection vulnerability has been discovered in WooCommerce. |
| --- | --- |
| Status: | Update has been released. |
| Who is impacted? | Anyone running less than v 2.3.11. |

## Why was this update released?

The web security firm Sucuri has discovered that malicious users may be able to exploit the bug to create download any file from the vulnerable server.

You can read more from the [Sucuri blog](https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerability-in-woocommerce.html).

## What should I do?

It is suggested to upgrade to WooCommerce 2.3.11 as soon as possible.
