An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2023-04-12T00:00:00
Updated: 2023-07-03T00:00:00
Reserved: 2023-03-10T00:00:00
Link: CVE-2023-28121
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-12T21:15:28.057
Modified: 2023-12-18T15:22:19.917
Link: CVE-2023-28121
JSON object: View
Redhat Information
No data.
CWE