all InfoSec news
Active Exploitation of WooCommerce Payments Improper Authentication Vulnerability (CVE-2023-28121)
July 31, 2023, 1:29 a.m. |
FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com
WooCommerce Payments is a popular e-commerce payment plugin for WordPress designed for small to large-sized online merchants using WordPress. According to Woo, the plugin has over 600,000 active installations.
What is the Attack?
CVE-2023-28121 is an authentication bypass vulnerability affecting the WooCommerce Payments plugin version 4.8.0 through 5.6.1. Successful exploitation of the vulnerability could allow an unauthorized attacker to gain admin privileges on the WordPress websites installed with the vulnerable version of the plugin enabled.
According …
attack authentication authentication bypass bypass bypass vulnerability commerce cve cve-2023-28121 e-commerce exploitation large payment payments plugin popular version vulnerability what is woocommerce woocommerce payments woocommerce payments plugin wordpress
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report
Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
1 week, 2 days ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Security Operations Manager-West Coast
@ The Walt Disney Company | USA - CA - 2500 Broadway Street
Vulnerability Analyst - Remote (WFH)
@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
Senior Mainframe Security Administrator
@ Danske Bank | Copenhagen V, Denmark