Auto-updating Woocommerce Plugin when “auto-updates” is OFF?

Could it be your host? I know WP Engine is automatically updating these.

All Woo users received the forced update.

Thank you for the super quick response!
I have 2 sites with different hosting; both auto updated
1 site updated to v 5.5.1 (hosting A)
Other site updated to v 5.5.2 (hosting B)
I will reach out to them, but in the meantime… Is there really a v 5.5.2? Or should it all be v 5.5.1

Forced to 5.5.1 or 5.5.2??

5.5.1 seems to be the latest version. I just did a download and looked at the version number.

Thank you – so does that mean my site is hacked when it shows Woocommerce Plugin v 5.5.2? (in your opionion)

Dunno; I’ve asked in the “backroom”. Do you have a plugin like WordFence installed you could use to scan your site?

There is no 5.5.2, so what I’d do:

1. backup everything.
2. via FTP or the file manager app of your hosting control panel, delete wp-content/plugins/woocommerce
3. download a new copy of woocommerce from here.
4. unzip locally.
5. Upload the resulting woocommerce directory back to wp-content/plugins (via FTP or your hosting control panel).
6. Run a scan on your site using WordFence.

Yes, I both WordFence and BlogVault Security on both sites and used both to scan and everything comes up “okay” – so I do not think they are hacked. But one was showing Woocommerce v 5.5.2 after the forced update (and still had the “update to 5.5.1” button showing as well). That one I clicked to “update to v5.5.1” (even though it said it was already at v 5.5.2; it successfully updated to v 5.5.1.

I am confused about the higher version showing after the forced update and still showing the “need to update to v 5.5.1” even though it was already showing a higher version as being active.

Any thoughts about that?
Thank you!

Also, the site with WP Engine showed the forced update to v 5.5.1
the site with GoDaddy showed the forced update to v 5.5.2

Are you sure it wasn’t 5.4.2, not 5.5.2? Older versions also were updated.

I am certain – I had previously updated them to the most recent version just a few days ago and then the Critical Vulnerability email came out and then I started getting the auto-update emails and I then went to the sites and one said “5.5.1” and had no “update” button and the other said “5.5.2” and had the “update to 5.5.1” button – which I thought was very odd since it said it was already at a higher version, and when I clicked the update it changed to “5.5.1” – then I reached out to you guys to see what’s what…
All scans still say “not hacked” so… should I just let it go? (in your opinion)
Thank you.

Or should I reach out to GoDaddy?

Definitely check with them; they may have done soemthing on their own.

Okay, thank you very much for your super quick responses and time with me!