HTTP: Wordpress WooCommerce Payments Unauthorized Admin Access

This signature detects attempts to exploit a known vulnerability in WordPress WooCommerce Payments. A successful attack can lead to a security bypass.

Extended Description

An issue in the WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

Affected Products

Automattic woopayments

References

CVE: CVE-2023-28121

Short Name
HTTP:CTS:WP-WOO-CMRCE-AUTH-BYPS
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Access Admin CVE-2023-28121 Payments Unauthorized WooCommerce Wordpress
Release Date
09/20/2024
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3743
False Positive
Rarely
Vendors

Automattic
