Hippoo Mobile App for WooCommerce Vulnerability

HIGH (7.5)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.13% chance of exploitation (percentile: 34%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

Hippoo Mobile App for WooCommerce is a WordPress plugin that enables mobile apps for e-commerce websites. This vulnerability allows attackers to read the contents of arbitrary files on the server, which can contain sensitive information such as customer data or financial records.

Am I affected?

You're affected if you use Hippoo Mobile App for WooCommerce. The advisory does not state the specific affected versions.

How to fix

To fix this vulnerability, upgrade to Hippoo Mobile App for WooCommerce version 1.7.2 or later from the WordPress Plugin Directory (https://wordpress.org/plugins/hippo-mobile-app-for-woocommerce/). If an immediate upgrade isn't possible, restrict network access to your instance (firewall it from the public internet) and monitor for suspicious activity.
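
One way to confirm the upgrade across a server, as an added example that is not from the advisory or the plugin's authors: the script reads the plugin headers under a WordPress plugins directory and flags any copy older than 1.7.2. Matching on a "Plugin Name" header that contains "Hippoo" and the directory path in the usage comment are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = "1.7.2"                      # first fixed release named in the advisory
NAME_PATTERN = re.compile(r"hippoo", re.I)   # assumption: "Plugin Name" header contains "Hippoo"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)


def version_key(version):
    """'1.7.10-beta' -> (1, 7, 10); a part with no leading digits counts as 0."""
    parts = []
    for part in version.strip().split("."):
        digits = re.match(r"\d+", part)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def read_headers(php_file):
    """Collect plugin headers from the first 8 KiB, the region WordPress itself scans."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    headers = {}
    for key, value in HEADER_RE.findall(head):
        headers.setdefault(key.lower(), value)   # first occurrence wins
    return headers


def audit_plugins(plugins_dir):
    """Return (directory, version, status) for each plugin whose name matches."""
    results = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php_file)
        if not NAME_PATTERN.search(headers.get("plugin name", "")):
            continue
        version = headers.get("version")
        if version is None:
            status = "unknown"               # no Version header: review by hand
        elif version_key(version) < version_key(FIXED_VERSION):
            status = "vulnerable"
        else:
            status = "patched"
        results.append((php_file.parent.name, version, status))
    return results


if __name__ == "__main__":
    # Usage (path is an assumption): python audit.py /var/www/html/wp-content/plugins
    findings = audit_plugins(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins")
    for directory, version, status in findings:
        print(f"{directory}: version {version} -> {status}")
    sys.exit(1 if any(s != "patched" for _, _, s in findings) else 0)
```

The non-zero exit status on any "vulnerable" or "unknown" result lets the check run from cron or a configuration-management job until every site reports "patched".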