An arbitrary file deletion vulnerability in WooCommerce plugin could allow a malicious or compromised user to gain full control over the unpatched websites. The vulnerability allows shop managers to delete any file on the server that is writable. Once the file is deleted, the plugin gets disabled, allowing Shop Managers to update the password for the administrator account and then take over the complete website. If you haven,t yet updated your WordPress and Woocommerce, you are highly recommended to install the latest available security updates.
Source: https://thehackernews.com/2018/11/woocommerce-wordpress-hacking.html