Description
WordPress Plugin WooCommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin WooCommerce version 3.4.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.6 or latest
References
https://www.ripstech.com/php-security-calendar-2018/#day-10
https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt
Related Vulnerabilities
WordPress Plugin Welcome Announcement Multiple Cross-Site Scripting Vulnerabilities (1.0.5)
Moodle CVE-2025-62400 Vulnerability (CVE-2025-62400)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.3)
WordPress Plugin Chained Quiz Cross-Site Scripting (1.2.7)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-13950)