WooCommerce Payments Improper Authentication Vulnerability
Actively exploited to take over WordPress websites
An authentication bypass vulnerability affects the WooCommerce Payments plugin versions 4.8.0 through 5.6.1. Successful exploitation could allow an unauthorized attacker to impersonate arbitrary users, including an administrator, and gain admin privileges on the WordPress website, potentially leading to site takeover.
Common Vulnerabilities and Exposures
Background
WooCommerce is an open-source commerce solution built on WordPress. WooCommerce Payments is a popular e-commerce payment plugin for WordPress sites, designed for small to large online merchants. According to Woo, the plugin has over 600,000 active installations.
Threat Radar Overall Score: 3.4
CVSS Rating | 9.0
FortiRecon Score | 90/100
Known Exploited | No
Exploit Prediction Score | 94.59%
FortiGuard Telemetry | 6227
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
July 17, 2023: Cybersecurity researchers at Wordfence released a detailed analysis of a campaign targeting WordPress sites.
https://www.wordfence.com/blog/2023/07/massive-targeted-exploit-campaign-against-woocommerce-payments-underway/
July 18, 2023: FortiGuard released a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5223/
July 24, 2023: FortiGuard Labs has released an IPS signature to detect and block attack attempts relating to the vulnerability (CVE-2023-28121) and has blocked attack attempts on 4000+ unique IPS devices.
To mitigate any further risk, update the WooCommerce Payments plugin to version 5.6.2 or later.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
AV: Detects and blocks malware exploiting the WooCommerce Payments vulnerability (CVE-2023-28121).
AV (Pre-filter): Detects and blocks malware exploiting the WooCommerce Payments vulnerability (CVE-2023-28121).
IPS: Detects and blocks attack attempts exploiting the WooCommerce Payments vulnerability (CVE-2023-28121).
Web App Security: Detects and blocks attack attempts exploiting the WooCommerce Payments vulnerability (CVE-2023-28121).
Outbreak Detection
Threat Hunting
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously targeted by phishing, drive-by downloads and other forms of cyberattack.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Business Reputation: Know the attackers' next move to protect your business branding.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.