Description
WordPress Plugin XforWooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently take over the website and its database. WordPress Plugin XforWooCommerce version 1.6.4 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 1.7.0 or latest
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)
WordPress Plugin Email Subscribers & Newsletters SQL Injection (4.1.7)
WordPress Plugin WPS Cleaner Multiple Cross-Site Request Forgery Vulnerabilities (1.4.4)