Limited Black Friday Offer:

WooCommerce Payments - Unauthorized Admin Access CVE-2023-28121 Scanner

WooCommerce Payments contains an Unauthorized Admin Access vulnerability.

Short Info

Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

WooCommerce Payments - Unauthorized Admin Access CVE-2023-28121 Scanner Detail

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know/
https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/