woocommerce/woocommerce is an eCommerce toolkit that helps you sell anything.
Affected versions of this package are vulnerable to Arbitrary Code Injection.
An attacker with user account could construct a specifically crafted string that will turn into a PHP object injection involving the
includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.
woocommerce/woocommerce to version 3.2.4 or higher.