Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin (versions <= 1.0.4).
Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version (at least 1.0.5).