The WooCommerce team take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To disclose a security issue to our team, please submit a report via HackerOne here.