CVE-2023-28121
Last modified
CVE-2023-28121 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.. EPSS estimates a 86.92% chance of exploitation in the next 30 days.
Description
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Automattic | Woocommerce Payments | >= 4.8.0, < 4.8.2 |
| Automattic | Woocommerce Payments | >= 5.0.0, < 5.0.4 |
| Automattic | Woocommerce Payments | >= 5.1.0, < 5.1.3 |
| Automattic | Woocommerce Payments | >= 5.2.0, < 5.2.2 |
| Automattic | Woocommerce Payments | >= 5.5.0, < 5.5.2 |
| Automattic | Woopayments | >= 5.6.0, < 5.6.2 |
| Automattic | Woopayments | 4.9.0 |
| Automattic | Woopayments | 5.3.0 |
| Automattic | Woopayments | 5.4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28121?
How severe is CVE-2023-28121?
How do I fix CVE-2023-28121?
Are you affected by CVE-2023-28121?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST