An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated malicious user to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated malicious user to gain admin access on a site that has the affected version of the plugin activated.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
automattic woocommerce payments |
||
automattic woopayments |
||
automattic woopayments 4.9.0 |
||
automattic woopayments 5.3.0 |
||
automattic woopayments 5.4.0 |