9.8
CVE-2023-28121
- EPSS 93.46%
- Veröffentlicht 12.04.2023 21:15:28
- Zuletzt bearbeitet 21.11.2024 07:54:26
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Mögliche Gegenmaßnahme
WooPayments: Integrated WooCommerce Payments: Update to version 5.6.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooPayments: Integrated WooCommerce Payments
Version
4.8.0 - 5.6.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Automattic ≫ Woocommerce Payments SwPlatformwordpress Version >= 4.8.0 < 4.8.2
Automattic ≫ Woocommerce Payments SwPlatformwordpress Version >= 5.0.0 < 5.0.4
Automattic ≫ Woocommerce Payments SwPlatformwordpress Version >= 5.1.0 < 5.1.3
Automattic ≫ Woocommerce Payments SwPlatformwordpress Version >= 5.2.0 < 5.2.2
Automattic ≫ Woocommerce Payments SwPlatformwordpress Version >= 5.5.0 < 5.5.2
Automattic ≫ Woopayments SwPlatformwordpress Version >= 5.6.0 < 5.6.2
Automattic ≫ Woopayments Version4.9.0 SwPlatformwordpress
Automattic ≫ Woopayments Version5.3.0 SwPlatformwordpress
Automattic ≫ Woopayments Version5.4.0 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.46% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.