The WordFence blog has discovered a small vulnerability in WooCommerce 2.3.5, the latest version until today’s new release.
This WooCommerce vulnerability potentially allows an attacker to exploit an SQL Injection attack and run their own code on your site, however as the exploit is in the admin area, it is limited to those that have or can obtain Admin or Shop Manager access levels to your WordPress admin panel.
Our recommendation is to upgrade right away to version 2.3.6 which was released within hours of the vulnerability being found.
More information from the WordFence site:
You can download the new 2.3.6 version of WooCommerce released on March 13th 2015 at http://www.woothemes.com/woocommerce/.