The Wordfence Threat Intelligence team discovered and reported a vulnerability in WooCommerce Stock Manager, a WordPress plugin installed on over 30,000 sites. This flaw made it possible for an attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, as long as they could trick a site’s administrator into performing an action like clicking on a link.
A patch was quickly released on May 28, 2021 in version 2.6.0.