I had same problem. When I disabled Sequential Order Number for WooCommerce plugin it worked. But I need the plugin to work. Thanks!
The real question is: why was the malware url in the comments? Who put it there and how can we be assured that malicious code won’t end up in the plugin in the future?
