The WooCommerce Dynamic Pricing and Discount Rules plugin for WordPress has a security vulnerability in versions up to and including 2.4.0. This vulnerability is due to a lack of nonce validation on several functions, which means that malicious attackers can control the plugin’s settings by sending a false request, as long as they can trick a site administrator into clicking on a link.