Object Injection Vulnerability on versions 2.3.11 and lower
Issue: | An Object Injection vulnerability has been discovered in WooCommerce. |
---|---|
Status: | Update has been released. |
Who is impacted? | Anyone running less than v 2.3.11. |
Why was this update released?
The web security firm Sucuri has discovered that malicious users may be able to exploit the bug to create download any file from the vulnerable server.
You can read more from the Sucuri blog.
What should I do?
It is suggested to upgrade to WooCommerce 2.3.11 as soon as possible.