Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage

A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'couponcodes' in the '/wp-admin/admin.php?page=wc-reports&tab=orders&report=couponusage' endpoint. The vulnerability required the privilege to view reports...