Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the "Allow customers to create an account during checkout" setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user accounts that are then used to probe for vulnerabilities in other plugins on the site.
2020-11-06 (about 2 years ago)
2020-11-06 (about 2 years ago)
2021-01-19 (about 2 years ago)