Thanks to Sucuri Security blog, we are informed about a dangerous Object Injection vulnerability in WooCommerce (versions 2.0.20 2.3.10). It’s a serious threat to WooCommerce users, which can be exploited by hackers to attack the vulnerable server & download any file. If “PayPal Identity Token” option is set on your WooCommerce website, then you are at risk of being attacked.
Fortunately, in the latest patch 2.3.11, WooCommerce has the problem fixed, a number of other bug fixes are also included. For WooRockets, we’ve updated all demo sites of our WooCommerce themes. If you’re using avulnerable WooCommerce version,we strongly recommend that you update the pluginto latest version immediately.