WordPress.WooCommerce.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in the WordPress plugin WooCommerce.
The vulnerability is due to the application's failure to properly check user input while handling a crafted HTTP request. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could allow an attacker to log in as an authenticated user.
Outbreak Alert
An authentication bypass vulnerability affects the WooCommerce Payments plugin, versions 4.8.0 through 5.6.1. Successful exploitation could allow an unauthorized attacker to impersonate arbitrary users, including an administrator, and gain admin privileges on the WordPress website, potentially leading to site takeover.
Affected Products
WordPress WooCommerce Plugin 5.6.1 and earlier
Impact
Security Bypass: Remote attackers can bypass security features of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor: https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know/
Version Updates
Date | Version | Detail |
---|---|---|
2023-07-31 | 0.00354 | |