PT-2023-21579 · WordPress · Woocommerce Payments

🗓️ 12 Apr 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 6 Views

Unauthenticated attackers can gain admin access via WooCommerce Payments on WordPress 5.6.1.

Reporter	Title	Published	Views	Family All 38
GithubExploit	Exploit for Improper Authentication in Automattic Woocommerce_Payments	12 Apr 202512:31	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	25 Jun 202518:50	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Automattic Woocommerce_Payments	3 Nov 202301:19	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Automattic Woocommerce_Payments	30 Mar 202323:50	–	githubexploit
GithubExploit	Ntemplatesbyxit	7 May 202615:36	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Automattic Woocommerce_Payments	12 Jul 202302:41	–	githubexploit
ATTACKERKB	CVE-2023-28121	12 Apr 202321:15	–	attackerkb
Circl	CVE-2023-28121	4 Jun 202312:58	–	circl
CNNVD	WordPress plugin WooCommerce Payments 授权问题漏洞	12 Apr 202300:00	–	cnnvd
CVE	CVE-2023-28121	12 Apr 202300:00	–	cve

Source	Link
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_woocommerce_payments_add_user.rb
github	www.github.com/gbrsh/CVE-2023-28121
github	www.github.com/im-hanzou/Mass-CVE-2023-28121
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-28121
osv	www.osv.dev/vulnerability/CVE-2023-28121
safe-surf	www.safe-surf.ru/specialists/bulletins-nkcki/696929
developer	www.developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
t	www.t.me/poxek/3043
t	www.t.me/cvenotify/48807

17 Oct 2024 00:00Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.8

EPSS0.9367

unauthenticated access admin privileges woocommerce payments wordpress plugin versions five six one security update