CVE-2023-28121
Description
An issue in the WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Severity: CRITICAL
CVE ID: CVE-2023-28121
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-28121
Reference: Project Discovery GitHub
gbrsh
WooCommerce Payments: Unauthorized Admin Access Exploit
Reference: GitHub
im-hanzou
CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]
Reference: GitHub
rio128128
CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]
Reference: GitHub
C04LA
Reference: GitHub
Jenderal92
Python 2.7
Reference: GitHub
1337nemojj
Reference: GitHub
Content on GitHub
getdrive | watchers:59
PoC
PoC. Severity critical.
Reference: GitHub