CVE-2023-28121

Description

An issue in the WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-28121
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-28121
gbrsh

WooCommerce Payments: Unauthorized Admin Access Exploit

Reference: GitHub

im-hanzou

CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]

Reference: GitHub

rio128128

CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]

Reference: GitHub

C04LA

Reference: GitHub

Jenderal92

Python 2.7

Reference: GitHub

1337nemojj

Reference: GitHub

Content on GitHub

getdrive | watchers:59

PoC
PoC. Severity critical.

Reference: GitHub