Unpatched vulnerability exists in widely-used WooCommerce plugin that allows eCommerce sites to customize forms on checkout pages. The vulnerability is an “arbitrary file upload” issue that can be exploited by unauthenticated, remote attackers. If exploited, the flaw could allow attackers to execute arbitrary server-side script code in the context of the web server process and compromise the application to access or modify data or gain administrative access. If your website is using this plugin, you are advised to disable “Categorize Uploaded Files” option in the plugin settings.
Source: https://thehackernews.com/2019/04/wordpress-woocommerce-security.html