What is WooCommerce Payments?
WooCommerce Payments is a popular e-commerce payment plugin for WordPress, designed for small to large online merchants. According to Woo, the plugin has over 600,000 active installations.
What is the Attack?
CVE-2023-28121 is an authentication bypass vulnerability affecting WooCommerce Payments plugin versions 4.8.0 through 5.6.1. Successful exploitation could allow an unauthorized attacker to gain admin privileges on WordPress sites that have a vulnerable version of the plugin installed and enabled.
According to NIST (National Institute of Standards and Technology), CVE-2023-28121 has a CVSS base score of 9.8 and is rated critical.
Why is this Significant?
This is significant because WooCommerce Payments is a popular plugin (over 600,000 active installations) and the vulnerability is reported to be actively exploited in the wild. As such, FortiGuard Labs advises updating the plugin to version 5.6.2 or later as soon as possible.
What is the Vendor Solution?
WooCommerce Payments plugin version 5.6.2 was released on March 23, 2023, to address the vulnerability.
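A quick way to triage whether an installed copy of the plugin falls inside the affected range stated above (4.8.0 through 5.6.1, fixed in 5.6.2). This is an added example, not FortiGuard's or Woo's code; it assumes the plugin's main PHP file carries a standard WordPress plugin header with a Version: line, and the header below is a constructed sample.

```python
import re
from typing import Optional, Tuple

# Affected range from the advisory: 4.8.0 through 5.6.1, fixed in 5.6.2.
FIRST_VULNERABLE = "4.8.0"
FIRST_FIXED = "5.6.2"

# Constructed sample of a WordPress plugin header comment (format assumed,
# not taken from the advisory); in practice read the plugin's main PHP file.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: WooCommerce Payments
 * Version: 5.6.1
 */
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.6.1' into (5, 6, 1); pre-release suffixes such as '-beta' are ignored."""
    core = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not core:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in core.group(0).split("."))
    # Pad to three components so that "5.6" compares equal to "5.6.0".
    return parts + (0,) * (3 - len(parts))


def plugin_version_from_header(php_source: str) -> Optional[str]:
    """Extract the Version: field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_vulnerable_version(version: str) -> bool:
    """True when the version lies in the affected range [4.8.0, 5.6.2)."""
    v = parse_version(version)
    return parse_version(FIRST_VULNERABLE) <= v < parse_version(FIRST_FIXED)


def assess_plugin_file(php_source: str) -> str:
    """Classify as 'vulnerable', 'patched', 'unaffected' (older than 4.8.0) or 'unknown'."""
    version = plugin_version_from_header(php_source)
    if version is None:
        return "unknown"  # no header found: inspect manually rather than assume safe
    if is_vulnerable_version(version):
        return "vulnerable"
    if parse_version(version) < parse_version(FIRST_VULNERABLE):
        return "unaffected"
    return "patched"


if __name__ == "__main__":
    print(assess_plugin_file(SAMPLE_PLUGIN_HEADER))  # → vulnerable
```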
What FortiGuard Coverage is available?
FortiGuard Labs is currently investigating coverage for CVE-2023-28121. We will update this Threat Signal when new information becomes available.