Lucene search
HackeroneCVELIST:CVE-2023-28121HistoryApr 12, 2023 - 12:00 a.m.
CVE-2023-28121
2023-04-1200:00:00
CWE-287
hackerone
www.cve.org
1
woocommerce payments
wordpress
unauthenticated access
remote attacker
admin access
plugin vulnerability
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
CNA Affected
[
{
"vendor": "n/a",
"product": "WooCommerce Payments WordPress Plugin",
"versions": [
{
"version": "Fixed version 5.6.2",
"status": "affected"
}
]
}
]Related
wpexploit
wpexploit
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation
2023-03-23 00:00:00
wpvulndb
wpvulndb
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation
2023-03-23 00:00:00
githubexploit
githubexploit
Exploit for Improper Authentication in Automattic Woocommerce Payments
2023-03-30 23:50:39
Exploit for Improper Authentication in Automattic Woocommerce Payments
2023-07-12 02:41:26
Exploit for Improper Authentication in Automattic Woocommerce Payments
2023-07-12 06:04:56
wordfence
wordfence
Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
2023-07-17 17:27:14
nuclei
nuclei
WooCommerce Payments - Unauthorized Admin Access
2023-07-03 18:15:00
openvas
openvas
cve
cve
CVE-2023-28121
2023-04-12 21:15:28
prion
prion
Code injection
2023-04-12 21:15:00
metasploit
metasploit
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
2023-07-04 17:05:07
nvd
nvd
CVE-2023-28121
2023-04-12 21:15:28
osv
osv
CVE-2023-28121
2023-04-12 21:15:28
thn
thn
Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway
2023-07-19 03:21:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-07-14 19:48:02