Threat Signal ReportActive Exploitation of WooCommerce Payments Improper Authentication Vulnerability (CVE-2023-28121)
Description
| What is WooCommerce Payments? |
WooCommerce Payments is a popular e-commerce payment plugin for WordPress designed for small to large-sized online merchants using WordPress. According to Woo, the plugin has over 600,000 active installations.
|
| What is the Attack? |
CVE-2023-28121 is an authentication bypass vulnerability affecting the WooCommerce Payments plugin version 4.8.0 through 5.6.1. Successful exploitation of the vulnerability could allow an unauthorized attacker to gain admin privileges on the WordPress websites installed with the vulnerable version of the plugin enabled.
According to NIST (National Institute of Standards and Technology), CVE-2023-28121 has a CVSS base score of 9.8 and is rated critical. |
| Why is this Significant? |
This is significant because WooCommerce Payments is a popular plugin (>600,000 active installations) and is reported to be actively exploited in the wild. As such FortiGuard Labs advises to update the plugin to version 5.6.2 and later as soon as possible.
|
|
What is the Vendor Solution?
|
WooCommerce Payments plugin version 5.6.2 was released on March 23, 2023 to address the vulnerability.
|
| What FortiGuard Coverage is available? |
FortiGuard Labs has released a new IPS signature "WordPress.WooCommerce.Authentication.Bypass" in version 25.607.
|
Telemetry
Appendix
Critical Vulnerability Patched in WooCommerce Payments – What You Need to Know (Woo)
CVE-2023-28121 (NIST)
PSA: Update Now! Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover (Wordfence)
WooCommerce Payments Improper Authentication Vulnerability (Outbreak Alert)
WordPress.WooCommerce.Authentication.Bypass (Fortinet)
✖
