WooCommerce 3.5.7 is now available. Since this release contains fixes to harden security, we encourage you to update your sites as soon as possible.
~4 commits made it into this release and the full changelog is below. The security patch patches against potential XSS.
* Security - Improved the way in which state fields are regenerated by JavaScript to ensure values are properly escaped.
Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.
As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here. Comments on this post are closed.