The WooCommerce Checkout Manager has been reported by PluginVulnerabilities.com for being vulnerable in arbitrary file uploads. The exploit could be activated by an unauthenticated remote attacker when the plugin "Categorize Uploaded Files" option is enabled. In this case, the attacker cloud brute-force or guess an existing order id number and execute arbitrary server-side script code in the WooCommerce website with the active WooCommerce Checkout Manager plugin. Apparently, WooCommerce Checkout Manager vulnerability was caught by the WordPress repository review stuff which resulted in de-activating plugin's listing for wordpress.org. If … [Read more...] about WooCommerce Checkout Manager 4.2.6 Vulnerability