Discount Rules for WooCommerce plugin with more than 30,000 installations is under attack. Vulnerabilities include unauthenticated stored cross-site scripting (XSS) and a lack of nonce token and authorization checks. At least 17,000 WordPress-based WooCommerce online stores with active Discount Rules plugin installation are still exposed to ongoing attacks. plugin’s developer has addressed the vulnerabilities with the release of version 2.1.0 more than a week ago, on August 13, on. August 13.
Source: https://www.bleepingcomputer.com/news/security/wordpress-woocommerce-stores-under-attack-patch-now/