What is WooCommerce Payments?
WooCommerce Payments is a popular e-commerce payment plugin for WordPress, designed for online merchants of all sizes. According to Woo, the plugin has over 600,000 active installations.
What is the Attack?
CVE-2023-28121 is an authentication bypass vulnerability affecting WooCommerce Payments plugin versions 4.8.0 through 5.6.1. Successful exploitation could allow an unauthenticated attacker to gain administrator privileges on any WordPress site that has a vulnerable version of the plugin installed and enabled.
According to NIST (National Institute of Standards and Technology), CVE-2023-28121 has a CVSS base score of 9.8 and is rated critical.
Why is this Significant?
This is significant because WooCommerce Payments is a widely deployed plugin (over 600,000 active installations) and the vulnerability is reported to be actively exploited in the wild. As such, FortiGuard Labs advises updating the plugin to version 5.6.2 or later as soon as possible.
What is the Vendor Solution?
WooCommerce Payments plugin version 5.6.2 was released on March 23, 2023 to address the vulnerability.
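As an added defender-side check (not part of this Threat Signal), the following Python script reads a plugin's `Version:` header and reports whether the installed copy falls inside the affected range stated above (4.8.0 through 5.6.1, fixed in 5.6.2). The plugin file path is an assumption, and the sample header is constructed for the demonstration.

```python
import re

# Affected range and fix version, as stated in the advisory.
AFFECTED_MIN = (4, 8, 0)
AFFECTED_MAX = (5, 6, 1)
FIXED = (5, 6, 2)

# Assumed path of the plugin's main file, relative to wp-content/plugins.
PLUGIN_MAIN_FILE = "woocommerce-payments/woocommerce-payments.php"

# Constructed sample of a WordPress plugin header block, as found at the
# top of a plugin's main PHP file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: WooCommerce Payments
 * Version: 5.6.1
 */
"""


def parse_plugin_version(header_text: str) -> tuple:
    """Extract the 'Version:' header and return it as a numeric tuple.

    Numeric tuples are used so that 5.6.10 compares greater than 5.6.2;
    a plain string comparison would get that wrong.
    """
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if not m:
        raise ValueError("no Version header found")
    parts = tuple(int(p) for p in m.group(1).strip(".").split("."))
    # Pad to three components so that 5.6 compares like 5.6.0.
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version: tuple) -> bool:
    """True when the version falls inside the affected range from the advisory."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def check_plugin_file(path: str) -> dict:
    """Read the plugin's main file and report the installed version and status."""
    with open(path, encoding="utf-8", errors="replace") as f:
        header = f.read(8192)  # WordPress reads the first 8 KiB for plugin headers
    v = parse_plugin_version(header)
    return {"version": ".".join(map(str, v)),
            "vulnerable": is_vulnerable(v),
            "fixed_in": ".".join(map(str, FIXED))}


if __name__ == "__main__":
    v = parse_plugin_version(SAMPLE_HEADER)
    print(f"sample header version {'.'.join(map(str, v))}: vulnerable={is_vulnerable(v)}")
```

Run `check_plugin_file` against the real plugin path on each site to confirm the installed version is 5.6.2 or later.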
What FortiGuard Coverage is available?
FortiGuard Labs is currently investigating coverage for CVE-2023-28121. We will update this Threat Signal when new information becomes available.