Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.
As we’ve seen some exploit attempts occurring in the wild, we feel it is a good time to describe what the issue is.
Current State of the Vulnerability
This arbitrary file upload vulnerability was made public a few weeks ago and has recently been patched.