The vulnerability is in WooCommerce version 2.0.17 which is the current version, still being distributed.
An updated minor release version 2.0.18 is expected to be released either later today or tomorrow. Users are advised to upgrade immediately once WooCommerce 2.0.18 is released
We’ve also been told of a vulnerability in versions of WP Awesome Support plugin. that could allow an attacker to upload any file to your system. Since the last update to this plugin was on 14 September 2013 – it seems that this vulnerability exists in the current version.
Lastly, there is also an arbitrary file upload vulnerability in the current version of the Magnitudo theme in the wild, so please contact the vendor for a fix. The theme was last updated in April of this year. An exploit for this is being actively distributed. Google for details.