Cross-Site Request Forgery (CSRF)/Arbitrary File Deletion Vulnerability in Order / Coupon / Subscription Export Import Plugin for WooCommerce
While looking into something else related to the security of the plugin Order / Coupon / Subscription Export Import Plugin for WooCommerce (Order Export & Order Import for WooCommerce), we found that the latest version introduced a cross-site request forgery (CSRF)/arbitrary file deletion vulnerability.
In the new version these lines of code were added to the file /includes/importer/class-wf-orderimpexpcsv-order-import.php: