WooCommerce is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because WooCommerce does not check .csv file imports in includes/admin/importers/class-wc-product-csv-importer-controller.php, allowing an attacker to supply malicious input together with a valid nonce to carry out the attack.
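
One way an importer can check the file named in an import request before reading it, shown as an added example that is not WooCommerce's code or its fix. The function name, the allowed extensions and the rule that the file must sit inside a given base directory are assumptions made for illustration.

```php
<?php
// Added example, not WooCommerce code. The function name, the allowed
// extensions and the base-directory rule are assumptions for illustration.

/**
 * Return true only if $path is a local regular file with an allowed
 * extension that resolves to a location inside $base_dir.
 */
function import_file_is_acceptable(string $path, string $base_dir, array $allowed = ['csv', 'txt']): bool
{
    // Only plain local paths are accepted; URLs and stream wrappers are not.
    if (strpos($path, '://') !== false) {
        return false;
    }
    // realpath() resolves ".." and symlinks; it returns false if the file is missing.
    $real = realpath($path);
    $base = realpath($base_dir);
    if ($real === false || $base === false || !is_file($real)) {
        return false;
    }
    // Test the extension of the resolved file, not of the name in the request.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return false;
    }
    // The resolved file must sit under the directory imports are read from.
    return strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
}

// Constructed sample input: a temporary directory standing in for the import folder.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'import_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . '/products.csv', "ID,Name\n1,Sample\n");
file_put_contents($base . '/notes.php', "<?php // not an import file\n");

$cases = [
    $base . '/products.csv'                            => true,
    $base . '/../' . basename($base) . '/products.csv' => true,  // still inside the folder
    $base . '/notes.php'                               => false, // wrong extension
    $base . '/missing.csv'                             => false, // does not exist
    sys_get_temp_dir() . '/products.csv'               => false, // outside the folder (or missing)
    'http://example.invalid/products.csv'              => false, // not a local path
];
foreach ($cases as $candidate => $expected) {
    $ok = import_file_is_acceptable($candidate, $base) === $expected;
    printf("%-4s %s\n", $ok ? 'ok' : 'FAIL', $candidate);
}
array_map('unlink', glob($base . '/*'));
rmdir($base);
```

A check like this runs in addition to nonce and capability verification, since the description notes that the request can arrive with a valid nonce.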