Patch Diffing CVE-2023-28121 to Compromise a WooCommerce | allinfosecnews.com

July 3, 2023, 4:54 p.m. | Julien Ahrens

RCE Security www.rcesecurity.com

Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass and Privilege Escalation” (aka CVE-2023-28121) affecting the “WooCommerce Payments” plugin which has more than 600.000 active installs according to WordPress. Since one of my customers was running a WooCommerce instance with the vulnerable version of […]

advisory authentication authentication bypass back bypass compromise critical customers cve cve-2023-28121 escalation exploit instance march patch patch diffing payments plugin privilege privilege escalation running security security advisory vulnerable woocommerce wordfence wordpress

More from www.rcesecurity.com / RCE Security

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce 10 months ago | www.rcesecurity.com

advisory authentication authentication bypass back +23

SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) 1 year ago | www.rcesecurity.com

advisory cve exploit flashback +9

SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) 1 year ago | www.rcesecurity.com

access advisory authentication bugs +18

From Zero to Hero Part 2: Intel DCM From SQL Injection to RCE (CVE-2022-21225) 1 year, 5 months ago | www.rcesecurity.com

advisory bug bounty cve hero +5

From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP … 1 year, 5 months ago | www.rcesecurity.com

authentication bug bounty bypassing cve +5

WordPress Transposh: Exploiting a Blind SQL Injection via XSS 1 year, 9 months ago | www.rcesecurity.com

bug bounty exploiting injection sql +3

AWAE Course and OSWE Exam Review 2 years ago | www.rcesecurity.com

certifications course exam oswe +1

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority

View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France

View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico

View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States

View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX

View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US

View on infosec-jobs.com