all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Active Exploitation of WooCommerce Payments Improper Authentication Vulnerability (CVE-2023-28121)

Add to bookmarks
July 31, 2023, 1:29 a.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is WooCommerce Payments?




WooCommerce Payments is a popular e-commerce payment plugin for WordPress designed for small to large-sized online merchants using WordPress. According to Woo, the plugin has over 600,000 active installations.








What is the Attack?




CVE-2023-28121 is an authentication bypass vulnerability affecting the WooCommerce Payments plugin version 4.8.0 through 5.6.1. Successful exploitation of the vulnerability could allow an unauthorized attacker to gain admin privileges on the WordPress websites installed with the vulnerable version of the plugin enabled.


According …

attack authentication authentication bypass bypass bypass vulnerability commerce cve cve-2023-28121 e-commerce exploitation large payment payments plugin popular version vulnerability what is woocommerce woocommerce payments woocommerce payments plugin wordpress

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028) 1 day, 11 hours ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 3 days, 13 hours ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 5 days, 11 hours ago | fortiguard.fortinet.com
access advisory application attackers +29
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 1 week, 3 days ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 1 week, 4 days ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 2 weeks, 3 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 2 weeks, 3 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 3 weeks, 5 days ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 month, 1 week ago | fortiguard.fortinet.com
attack code compression cve +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

GCP Incident Response Engineer

@ Publicis Groupe | Dallas, Texas, United States
View on infosec-jobs.com

DevSecOps Engineer - CL - Santiago

@ Globant | Santiago de Chile, Santiago, CL
View on infosec-jobs.com

IT Security Analyst - State Government & Healthcare

@ NTT DATA | Little Rock, AR, US
View on infosec-jobs.com

Exploit Developer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Senior Manager, Response Analytics & Insights (Fraud Threat Management)

@ Scotiabank | Toronto, ON, CA, M3C0N5
View on infosec-jobs.com

Cybersecurity Risk Analyst IV

@ Computer Task Group, Inc | Buffalo, NY, United States
View on infosec-jobs.com
View more jobs