The Remove Add to Cart WooCommerce plugin for WordPress is at risk of being exploited in versions up to and including 1.4.4. This is because the plugin lacks the proper security measures to protect it from Cross-Site Request Forgery. This means that if an attacker can trick a site administrator into clicking on a link, they can change the plugin settings without being authenticated.