CVE-2023-28121

Published: 12/04/2023 Updated: 18/12/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An issue in the WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated malicious user to send requests on behalf of an elevated user, such as an administrator. This allows a remote, unauthenticated malicious user to gain admin access on a site that has the affected version of the plugin activated.

Vulnerable Product

automattic woocommerce payments

automattic woopayments

automattic woopayments 4.9.0

automattic woopayments 5.3.0

automattic woopayments 5.4.0

Vendor Advisories

Check Point Reference: CPAI-2023-0561 Date Published: 27 Jul 2023 Severity: Critical ...

Github Repositories

CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]

CVE-2023-28121 WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ] Introduction: This script uses Python3 and uses threading for better process speed. The script has been updated to 2 versions: V1 is the old version and V2 the newer version with random username, email and password string. After you get some results don't forget to cha

CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]

CVE-2023-28121 WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ] How to use: This script uses Python3. Install requirements: pip install -r requirements.txt Reference: wpscan.com/vulnerability/0f78a245-866c-462e-bd23-43dfadb57072 developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-pay

WooCommerce Payments: Unauthorized Admin Access Exploit

CVE-2023-28121 WooCommerce Payments: Unauthorized Admin Access Exploit. Won't be publishing this one first, that's for sure. PoC is now published. It was created for educational/research purposes only! Use it at your own risk!

Python 2.7

WP-CVE-2023-28121 WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation, Python 2.7. How To Use? Install Python 2.7 Download Here python fil