WooCommerce 4.6.2 was released yesterday with a fix for a vulnerability that allowed account creation at checkout, even when the “Allow customers to create an account during checkout” setting is disabled. The WooCommerce team discovered it after several dozen users reported their sites were receiving spam orders, or “failed orders” where the payment details were fake.
Source: WooCommerce Developer Advisory
WooCommerce developer Rodrigo Primo described how the bot is attacking stores:
The gist of it is that the bot is able to