Description
WordPress Plugin WooCommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin WooCommerce version 3.4.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.6 or latest
References
https://www.ripstech.com/php-security-calendar-2018/#day-10
https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt
Related Vulnerabilities
MySQL CVE-2019-2532 Vulnerability (CVE-2019-2532)
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)
WebLogic CVE-2017-10271 Vulnerability (CVE-2017-10271)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.20)
WordPress Plugin Classified Listing Pro & Directory Cross-Site Scripting (2.0.19)