CVE-2023-28121 - OpenCVE

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Automattic	Woocommerce Payments Woopayments

Configuration 1 [-]

OR	cpe:2.3:a:automattic:woocommerce_payments::::::wordpress::*
	cpe:2.3:a:automattic:woocommerce_payments::::::wordpress::*
	cpe:2.3:a:automattic:woocommerce_payments::::::wordpress::*
	cpe:2.3:a:automattic:woocommerce_payments::::::wordpress::*
	cpe:2.3:a:automattic:woocommerce_payments::::::wordpress::*
	cpe:2.3:a:automattic:woopayments::::::wordpress::*
	cpe:2.3:a:automattic:woopayments:4.9.0:::::wordpress::
	cpe:2.3:a:automattic:woopayments:5.3.0:::::wordpress::
	cpe:2.3:a:automattic:woopayments:5.4.0:::::wordpress::

References

Link	Resource
https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know/	Vendor Advisory
https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2023-04-12T00:00:00

Updated: 2023-07-03T00:00:00

Reserved: 2023-03-10T00:00:00

Link: CVE-2023-28121

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-12T21:15:28.057

Modified: 2023-12-18T15:22:19.917

Link: CVE-2023-28121

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE70E8AE-CFBB-4575-A340-DBD17C3CE853", "versionEndExcluding": "4.8.2", "versionStartIncluding": "4.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "519111D8-D787-4B95-91F3-9FCFF17723C3", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "47F55EC1-8DE8-4BB8-9D92-23510CB191FF", "versionEndExcluding": "5.1.3", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0D29E155-A3A0-446A-A414-B3CC66D6450B", "versionEndExcluding": "5.2.2", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8AF27AE4-B382-4293-9E7A-1A06769DFF1D", "versionEndExcluding": "5.5.2", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woopayments:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AEB22CB8-53ED-4073-ADA9-8C87B4F0176F", "versionEndExcluding": "5.6.2", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woopayments:4.9.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "08275EF1-5695-4CC4-A4B9-8D5429C37DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woopayments:5.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A4D5E491-B3BB-4D91-9DD6-845A35833F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:woopayments:5.4.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0D756027-30C4-443C-8421-62D6EFA8B2C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated."}], "id": "CVE-2023-28121", "lastModified": "2023-12-18T15:22:19.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-12T21:15:28.057", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know/"}, {"source": "support@hackerone.com", "url": "https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "support@hackerone.com", "type": "Secondary"}]}