This vulnerability is in proxy.php, part of the Google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin. An attacker can read arbitrary files by supplying a full pathname in the "requrl" parameter.
Solution
Update the plugin.
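After updating, web server access logs can show whether the "requrl" parameter was ever given a file path instead of a URL. The following log check is an added example, not code from the plugin or its vendor. It assumes Combined Log Format and that "requrl" arrives in the query string; the sample lines and the PLUGIN-DIR path are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: client IP, request target, response status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def classify_requrl(value):
    """Return why a requrl value looks like a local file reference, or None for an http(s) URL."""
    decoded = unquote(value).strip()  # undo one extra layer of percent-encoding
    parts = urlsplit(decoded)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return None  # a remote lookup URL, which is what a currency proxy should receive
    if parts.scheme:
        return "unexpected scheme: " + parts.scheme.lower()
    if decoded.startswith(("/", "\\")):
        return "absolute pathname"
    if ".." in decoded:
        return "relative path traversal"
    return "not a URL"

def scan(lines):
    """Return (client_ip, status, requrl, reason) for each suspicious proxy.php request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/proxy.php"):
            continue
        # Only the query string is logged; a requrl sent in a POST body is not visible here.
        for value in parse_qs(url.query, keep_blank_values=True).get("requrl", []):
            reason = classify_requrl(value)
            if reason:
                hits.append((ip, int(status), value, reason))
    return hits

# Constructed sample lines; PLUGIN-DIR is a placeholder, not the plugin's real directory.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/PLUGIN-DIR/proxy.php?requrl=https%3A%2F%2Fexample.com%2Frates%3Ffrom%3DUSD HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/PLUGIN-DIR/proxy.php?requrl=/etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/PLUGIN-DIR/proxy.php?requrl=%252Fsrv%252Fexample%252Ffile.txt HTTP/1.1" 200 3120',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?requrl=/etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 is the one to review first, since the response may have contained file contents.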