Description
WordPress Plugin WooCommerce is prone to multiple vulnerabilities, including directory traversal and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete arbitrary comment. WordPress Plugin WooCommerce version 6.2.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.2.1 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:B76DBF37-A0A2-48CF-BD85-3EBBC2F394DD
https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/
Related Vulnerabilities
WordPress Plugin Loco Translate Local File Inclusion (2.2.1)
Oracle Application Server Other Vulnerability (CVE-2007-2119)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.10)
MySQL CVE-2015-4866 Vulnerability (CVE-2015-4866)
WordPress Plugin PowerPack Lite for Beaver Builder Local File Inclusion (1.3.0.3)