What is CVE-2023-28121?

CVE-2023-28121 is a vulnerability in Woocommerce Payments Wordpress Plugin, classified under Improper Authentication. Published 2023-04-12.

Is CVE-2023-28121 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Woocommerce Payments Wordpress Plugin

CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain…

Vulnerability class: Broken Authentication

EPSS: 0.937 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a Woocommerce Payments Wordpress Plugin — versions Fixed version 5.6.2

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

gbrsh/CVE-2023-28121
im-hanzou/Mass-CVE-2023-28121
luisdevpentest/CVE-2023-28121-WordPress-Privilege-Escalation
rio128128/Mass-CVE-2023-28121-kdoec
Jenderal92/WP-CVE-2023-28121
0axz-tools/CVE-2023-28121
sug4r-wr41th/CVE-2023-28121
1337nemojj/CVE-2023-28121
C04LA/CVE-2023-28121
rapid7/metasploit-framework

References

developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocomm…
www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocom…

Frequently asked questions

What is CVE-2023-28121?: CVE-2023-28121 is a vulnerability in Woocommerce Payments Wordpress Plugin, classified under Improper Authentication. Published 2023-04-12.
Is CVE-2023-28121 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.