Local File Inclusion (LFI) leading vulnerability to Remote Code Execution (RCE) discovered by Marc Montpas (Automattic) in WordPress WOOCS – WooCommerce Currency Switcher plugin (versions <= 1.3.6.2).
Update the WordPress WOOCS – WooCommerce Currency Switcher plugin to the latest available version (at least 1.3.7).