Description
WordPress Plugin Woo Import Export is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Woo Import Export version 1.0 is vulnerable.
Remediation
Disable the plugin until a fix is available
References
http://lenonleite.com.br/en/publish-exploits/english-plugin-woo-import-export-1-0-rce-unlink/
https://www.exploit-db.com/exploits/44520/
https://wordpress.org/plugins/woo-import-export-lite/#description
Related Vulnerabilities
WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)
WordPress Plugin Custom Admin Page by BestWebSoft Cross-Site Scripting (0.1.1)
WordPress Plugin YITH PayPal Express Checkout for WooCommerce Security Bypass (1.2.5)
WordPress Plugin Theme My Login Local File Inclusion (6.3.9)
WordPress Plugin ACF:Better Search Cross-Site Request Forgery (3.3.0)