From thehackernews.com
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store.
A WordPress security company—called “Plugin Vulnerabilities“—that recently gone rogue in order to protest against moderators of the WordPress’s official support forum has once again dropped details and proof-of-concept exploit for a critical flaw in a widely-used WordPress plugin.
To be clear, the reported unpatched vulnerability doesn’t reside in the WordPress core or WooCommerce plugin itself.