WooCommerce Vulnerability of July 2021: What is it exactly and how do I fix it?

July 16, 2021 in Wordpress Solutions

WordPress WooCommerce Critical Vulnerability of July 2021

What it is exactly in the code and how do I fix it?

On 13th July 2021, WooCommerce began alerting the plugin’s users about a critical vulnerability. It is critical enough that WooCommerce is forcing users to update and has asked all WooCommerce users to check that they are updated. However, WooCommerce faces a big challenge: it can only reach out to users whose email addresses it has, which means millions of site owners are going to be left unaware and open to an attack that exploits this vulnerability. That is quite frustrating. In our experience, such a security vulnerability in WooCommerce is quite rare.

From what we have seen, the vulnerability is critical because it is an unauthenticated SQL injection (SQLi) vulnerability affecting WordPress WooCommerce plugin versions <= 5.5.0; no login is needed to reach the affected code. Here is a glimpse of what the patch targets. After comparing the older and patched WooCommerce versions, it looks like the patch fixes the vulnerability in this file: wp-content/plugins/woocommerce/includes/data-stores/class-wc-webhook-data-store.php

How do I fix the WooCommerce Vulnerability?

The good news is that the team over at WooCommerce has released the patch. Follow the official steps here, and if you are still struggling, reach out to us and we will help you out at our standard professional fees.

If you are worried about updating to the latest WooCommerce 5.5.1 because of compatibility issues with your current theme and other plugins, we generally recommend updating to the closest patched WooCommerce version. For example, that would be WooCommerce version 4.9.3 if you are currently on WooCommerce version 4.9.2.

We have sourced the following table from the official source and added links to the patched versions from the official WordPress Plugin repository so that it might help some of the users download the older patched versions of WooCommerce and the blocks plugin.

Patched WooCommerce versions    Patched WooCommerce Blocks versions
3.3.6                           2.5.16
3.4.8                           2.6.2
3.5.9                           2.7.2
3.6.6                           2.8.1
3.7.2                           2.9.1
3.8.2                           3.0.1
3.9.4                           3.1.1
4.0.2                           3.2.1
4.1.2                           3.3.1
4.2.3                           3.4.1
4.3.4                           3.5.1
4.4.2                           3.6.1
4.5.3                           3.7.2
4.6.3                           3.8.1
4.7.2                           3.9.1
4.8.1                           4.0.1
4.9.3                           4.1.1
5.0.1                           4.2.1
5.1.1                           4.3.1
5.2.3                           4.4.3
5.3.1                           4.5.3
5.4.2                           4.6.1
5.5.1                           4.7.1
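
As an added example (not from the original article or from WooCommerce), the "closest patched version" rule can be applied to an inventory of sites using the table above. The plugin keys, host names and sample versions are constructed, and treating branches newer than the table as patched is an assumption.

```python
import re

# First patched release of each branch, copied from the table above.
PATCHED = {
    "woocommerce": "3.3.6 3.4.8 3.5.9 3.6.6 3.7.2 3.8.2 3.9.4 4.0.2 4.1.2 4.2.3 "
                   "4.3.4 4.4.2 4.5.3 4.6.3 4.7.2 4.8.1 4.9.3 5.0.1 5.1.1 5.2.3 "
                   "5.3.1 5.4.2 5.5.1",
    "blocks": "2.5.16 2.6.2 2.7.2 2.8.1 2.9.1 3.0.1 3.1.1 3.2.1 3.3.1 3.4.1 "
              "3.5.1 3.6.1 3.7.2 3.8.1 3.9.1 4.0.1 4.1.1 4.2.1 4.3.1 4.4.3 "
              "4.5.3 4.6.1 4.7.1",
}

def parse(version):
    """'4.9.2' -> ((4, 9, 2), False); '5.5.1-rc.1' -> ((5, 5, 1), True)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?([-+].*)?", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0)), bool(m[4])

def assess(plugin, version):
    """Return (status, target); target is the closest patched release of that branch."""
    fixes = {f[:2]: f for f, _ in map(parse, PATCHED[plugin].split())}
    v, prerelease = parse(version)
    fixed = fixes.get(v[:2])
    if fixed is None:
        # Assumption: branches newer than the table were released with the fix.
        return ("patched", None) if v > max(fixes.values()) else ("unlisted", None)
    # Compare numerically: as strings, "2.5.9" would sort after "2.5.16".
    if v > fixed or (v == fixed and not prerelease):
        return ("patched", None)
    return ("update", ".".join(map(str, fixed)))

def audit(inventory):
    """Keep only the (site, plugin, version) rows that still need action."""
    rows = ((s, p, v, *assess(p, v)) for s, p, v in inventory)
    return [r for r in rows if r[3] != "patched"]

# Constructed inventory with hypothetical hosts; on a real site the version can
# be read with WP-CLI: wp plugin get woocommerce --field=version
SAMPLE = [
    ("shop-a.example", "woocommerce", "4.9.2"),
    ("shop-a.example", "blocks", "2.5.9"),
    ("shop-b.example", "woocommerce", "5.5.1"),
    ("shop-c.example", "woocommerce", "3.2.6"),
    ("shop-d.example", "woocommerce", "5.5.1-rc.1"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A status of `unlisted` means the installed branch is older than any branch in the table, so there is no in-branch patched release to move to and the site needs a manual upgrade plan.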

Have you made the fix in your WooCommerce website? Start a discussion in the comments.

How to add GSTIN to WooCommerce Invoices

July 6, 2017 in Wordpress Solutions

After 1st July 2017, GST is in full force in India. If you’ve read our article on how to easily setup GST for WooCommerce, you’ll know how to calculate GST (which is CGST+SGST) and IGST for all your Indian customers. In this article, we wish to show you how easy it is to display your GSTIN (Goods & Services Tax Identification Number) on all your invoices.

While the GST setup didn’t require a plugin in our GST setup guide, to display your GSTIN number on the invoices, you’re going to need to install a free plugin: WooCommerce PDF Invoices & Packing Slips

Remember, you need to uninstall any other PDF invoice generating plugin for this to work.

Apart from helping you to add the GSTIN number to your invoice, it will also help you to generate, print and send PDF invoices and packing slips (and much more which can be read here) — which is great, isn’t it! Once you have installed the plugin, visit the plugin’s settings page and fill in all the necessary information.

Next, simply follow the screenshots:

  1. Visit the Template tab in the settings. (You’ll find it under WooCommerce > PDF Invoices)
  2. Scroll down, till you see the field with ‘Footer Terms & Condition etc’. In the text field, simply type ‘Our GSTIN is: <your GST number>’

You’re set! We understand that this may not be an optimal solution and you might like the GSTIN to be somewhere at the top, but this gets your job done. If you have figured out a better solution, please contribute in the comments.


GST India: How to easily setup GST for WooCommerce (in WordPress)

July 4, 2017 in Wordpress Solutions

A few sections of this article have been updated on 21st April 2020.

GST came into force on 1st July 2017 in India. With this, entrepreneurs/shopkeepers/businessmen are expected to generate GST receipts/invoices for customers. With that came both praise and criticism for one of India’s largest fiscal reforms. One of the major reasons for the praise was that it eliminates the cascading tax effect, making the lives of businessmen and traders easier, and one of the critiques was that India wasn’t (technically) ready yet for such a huge change.

The WordPress+WooCommerce combo is widely used, and a lot of entrepreneurs across the globe rely on this combination for e-commerce. With GST now in force in India, at the time of writing this article there is no other solution for GST implementation in WooCommerce. How do we know? Last evening, we received a call from one of our e-commerce clients. Their website is built by us in WordPress and uses WooCommerce for the e-commerce bit.

Guys, we need to setup GST invoicing anyhow soon. Otherwise we will start facing losses. Please figure out a solution as soon as possible.

Now, the first thing that any of us with a WordPress website with WooCommerce would do is to check whether a plugin or a solution exists for the problem at hand. We did just that. After spending an hour searching, we know that there is no other solution available at the moment. Outside of the WordPress context, there is a lot of other software, across various domains, which is yet to be updated to handle this transition of epic proportions called GST in India. It was no surprise that my search for a solution for GST in WordPress yielded no results.

Today, we’ll show you how to do the most basic setup for GST in India on WooCommerce in WordPress. Please note that I’m stressing basic. It may not cover all your expectations, but it will keep you in compliance with GST and, at least, you will not face losses because you couldn’t charge GST. And yes, you do not need to install any additional plugin while using this solution.

Base store location is Maharashtra, Shipping Address in this case set to Maharashtra; hence GST (CGST+SGST) automatically calculated. We’ve figured it out 🙂

This method of setting up GST in WooCommerce would help you if you’re one of these people:

  • Don’t wish to change the prices of all the products in their WooCommerce store to include GST.
  • Are looking for a quick-fix implementation of GST and IGST in their WooCommerce store.
  • Wish to just charge GST for Indian customers; but not customers abroad.

Before we begin, here’s a glance at what we will achieve by the end of this article:

  1. GST/IGST will be calculated automatically during checkout
  2. GST/IGST will be shown on the invoice
  3. How to add GSTIN number on the invoice

A lot of things are easier when explained using a scenario. So, let’s take our client’s scenario:
The client has a couple of brick-and-mortar apparel stores in Maharashtra spread across multiple cities, and their e-commerce website has 200+ products. They ship products pan-India. This brings GST (which is CGST+SGST) and IGST (Integrated GST) into the picture. The client also ships their products abroad.

Let’s begin. Stepwise:

    1. Login to WordPress and head over to WooCommerce > Settings
    2. Visit the Tax tab once you’re there, and set the options according to the values shown in the next image.
      Here, if you wish to show prices inclusive of GST during checkout, select ‘Including Tax’ in the ‘Display Prices During Cart and Checkout’ option.
    3. Now, head over to Standard Rates; link to which is right under the Tax tab
    4. Download this file (kraftpixel_woocommerce_gst_tax_rates_setup_FREE.csv) (file updated in April 2020 as per WooCommerce updates) and upload it using the ‘Import CSV’ option. It contains all the state codes and the rates considering Maharashtra as the shop location for Apparels over Rs. 1,000 which is 12% for GST (CGST+SGST) and IGST; so, modify the CSV file accordingly and then upload. Considering the various possibilities, I’ll leave that to you. Once done, you’ll see that all the tax rates are imported.

      The above image was updated on 21st April 2020. Make sure you untick ‘Compound’ for all tax rates. The image shows it as ticked, but make sure you untick.
    5. Finally, you need to display your GSTIN number on your invoice. Follow our simple guide here on how to add your GSTIN number to your invoices.

That’s all. Congrats, your e-commerce shop using WooCommerce in WordPress is set for GST in India. Well, a basic setup, but it’s got you covered for now. If you have multiple tax slabs applicable, continue reading.

Depending on your template, your customers will see the results during checkout.

If your products have multiple GST/IGST slabs applicable based on the price, follow these steps:

The steps mentioned below are for clothing items, wherein if price >1000, 12% GST/IGST is applicable and if price < 1000, then 5% GST/IGST; you can adapt it to your rates. Click on the links to view the screenshots:

1. Select the ‘Shipping tax class based on cart items’ option here:
2. Then, define a new tax:
3. Configure it:
4. (If you have a large number of products, go to point 5.) Go to each product in your store, edit it and select the tax class (if you have followed the article and done the setup for the Standard tax, select Standard for products with price > Rs. 1,000 and the new one for price < Rs. 1,000).
5. Bonus tip: Here’s how you can expedite your tax class allocation in WooCommerce. Did you know that you can assign tax classes to your products in bulk? Simply use the bulk edit feature already available in WordPress and you’ll save a lot of time. Use filters at the top of the products view as needed to sort products and also sort by ascending/descending etc. See screenshots below:



Here are some screenshots from our client’s website:

Case 1: Selected the State in Shipping Address as Tamil Nadu; IGST should get calculated.

Case 2: Selected the State in Shipping Address as Maharashtra (this is also the base location of the store); Thus, GST (CGST+SGST) should get calculated.

Did this article help you set up GST on your website in some way? Please drop us a 5-star review here mentioning how our article helped you. It will help us reach more people and motivate us to write more such articles:

If you’re looking for any kind of professional help in WordPress, please get in touch with us by pinging us at The KraftPixel team has 7+ years of combined experience in WordPress and is equipped to help you with any WordPress related requirement.