all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Add to bookmarks
July 18, 2023, 5:56 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign.
The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

actions attackers authentication authentication bypass bypass campaign case critical cve cve-2023-28121 cvss cybercriminals exploiting flaw hijack payments plugin score security security flaw threat threat actors websites woocommerce woocommerce payments plugin wordpress wordpress plugin

Visit resource

More from thehackernews.com / The Hacker News

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike 2 hours ago | thehackernews.com
alerts analysts challenges cybersecurity +14
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries 2 hours ago | thehackernews.com
access cellular cinterion code +25
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia 2 hours ago | thehackernews.com
advisory agency america april +26
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo 6 hours ago | thehackernews.com
c2 framework command control cybersecurity +18
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT 2 days, 5 hours ago | thehackernews.com
actor ads anydesk asana +20
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms 2 days, 21 hours ago | thehackernews.com
actor attacks backdoor commands +20
CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar) 2 days, 23 hours ago | thehackernews.com
advanced ai-powered ai tools artificial +19
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability 3 days, 2 hours ago | thehackernews.com
actively exploited address alert anonymous +25
What's the Right EDR for You? 3 days, 2 hours ago | thehackernews.com
and response antivirus business businesses +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Application Security Engineer

@ Yassir | worldwide
View on infosec-jobs.com

Senior Windows Threat & Detection Security Researcher (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

MDR Security Analyst

@ SentinelOne | Israel
View on infosec-jobs.com

Principal Security Research Engineer (Prisma Cloud)

@ Palo Alto Networks | Bengaluru, India
View on infosec-jobs.com
View more jobs