Zee
(@doublezed2)
Hello ldekay,
Thank you for contacting WooCommerce support.
I understand you received an email urging you to install a patch plugin due to a supposed security vulnerability, and you’re right to be cautious.
This definitely sounds like a phishing attempt. WooCommerce does not send direct emails asking users to install patch plugins. Any real security updates would come through official plugin updates via your WordPress dashboard.
You did the right thing by checking here first. Please do not click any links or install anything from that email.
Could you share screenshot of the email here? You may use https://snipboard.io to upload images and share links here. I am curious how it looks like.
Let me know if you have any questions. 🙂
Best regards.
Thread Starter
ldekay
(@ldekay)
Thread Starter
ldekay
(@ldekay)
Thread Starter
ldekay
(@ldekay)
Hi @ldekay,
Thank you for the screenshots.
The email you received is a phishing attempt. WooCommerce would never distribute security patches through third-party plugins or ask you to install anything outside of official updates. Official WooCommerce updates are always released through ww.wp.xz.cn or your site’s dashboard.
You can find more details about this phishing campaign here:
https://developer.woocommerce.com/2025/04/22/dev-advisory-phishing-campaign-targeting-woocommerce-stores/
We haven’t heard back from you in a while, so I’m going to mark this as resolved.
If you have a few minutes, we’d love if you could leave us a review: https://ww.wp.xz.cn/support/plugin/woocommerce/reviews/
