The vulnerability allows an attacker to export user names, addresses, and other private information. It also allows an attacker to modify orders.
We are receiving reports as of 11am Pacific Time that hosting companies (Bluehost specifically) are automatically updating this plugin to the newest version if they detect that you have it installed, but please don’t rely on this. Take action now to protect your site.
This is an extremely popular plugin with approximately 3 million downloads, so please spread the word about this vulnerability now and help keep the community safe.