Cross-Site Scripting (XSS) vulnerability was discovered by Lucio Sá (Patchstack Alliance) in WordPress Checkout Files Upload for WooCommerce plugin (versions <= 2.1.2).
Update the WordPress Checkout Files Upload for WooCommerce plugin to the latest available version (at least 2.1.3).