Description
WooCommerce Payments plugin versions 4.8.0 through 5.6.1 are vulnerable to an authentication bypass in the 'determine_current_user_for_platform_checkout' function. This function is a callback on WordPress's 'determine_current_user' filter, so it runs on every request; it trusts a user ID supplied by the client in the 'X-WCPAY-PLATFORM-CHECKOUT-USER' request header without verifying that the request actually came from the platform checkout service. An unauthenticated attacker can therefore impersonate arbitrary users, including administrators, and perform actions as the impersonated user. In certain cases, this can lead to site takeover.
An attacker exploits this by adding the header, with the target user ID as its value, to a request against any WordPress entry point, including the REST API. WordPress then treats the request as authenticated for that user, bypassing the normal login and cookie checks, and the attacker can perform actions on behalf of the impersonated user, potentially leading to further exploitation and control over the site.
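Two checks a site owner or responder would want at this point, as an added example that is not part of the original advisory or of the plugin's own code: a version-range test that reads the 'Version:' line from the plugin's main file header and compares it numerically (a plain string comparison would rank 5.10.0 below 5.6.1), and a scan of request logs for the impersonation header, which has no reason to appear in ordinary visitor traffic. The plugin header text and the JSON-per-line log format below are constructed for this example; the header name is the one the vulnerable function reads.

```python
import json
import re

# Vulnerable range stated in the advisory: 4.8.0 through 5.6.1 inclusive.
VULNERABLE_MIN = (4, 8, 0)
VULNERABLE_MAX = (5, 6, 1)

# Request header trusted by the vulnerable filter callback (compared case-insensitively).
IMPERSONATION_HEADER = "x-wcpay-platform-checkout-user"


def parse_version(version: str) -> tuple:
    """Turn '5.6.1' or '5.10.0-beta' into a comparable (major, minor, patch) tuple."""
    core = version.strip().split("-")[0]            # drop any pre-release suffix
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:                           # '5.6' -> (5, 6, 0)
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version: str) -> bool:
    """True if the installed version falls inside the affected range."""
    return VULNERABLE_MIN <= parse_version(version) <= VULNERABLE_MAX


def plugin_version_from_header(plugin_file_text: str):
    """Read the 'Version:' field from a WordPress plugin main-file comment header."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", plugin_file_text, re.MULTILINE)
    return m.group(1) if m else None


def find_impersonation_attempts(log_lines):
    """Scan JSON-per-line request logs (constructed format: client_ip, path, headers)
    and return (client_ip, path, claimed_user_id) for every request carrying the header."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                                # skip malformed lines, keep scanning
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        if IMPERSONATION_HEADER in headers:
            hits.append((rec.get("client_ip"), rec.get("path"), headers[IMPERSONATION_HEADER]))
    return hits


# Constructed sample input: a plugin main-file header and a few request log lines.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: WooCommerce Payments
 * Version: 5.6.1
 */
"""

SAMPLE_LOG = [
    '{"client_ip": "198.51.100.7", "path": "/shop/", "headers": {"User-Agent": "Mozilla/5.0"}}',
    '{"client_ip": "203.0.113.5", "path": "/wp-json/wp/v2/users", '
    '"headers": {"X-Wcpay-Platform-Checkout-User": "1", "Content-Type": "application/json"}}',
    'not json at all',
]

if __name__ == "__main__":
    installed = plugin_version_from_header(SAMPLE_PLUGIN_HEADER)
    print(f"installed {installed}: vulnerable={is_vulnerable(installed)}")
    for ip, path, uid in find_impersonation_attempts(SAMPLE_LOG):
        print(f"impersonation header from {ip} on {path}, claimed user id {uid}")
```

Run the version check against the real `woocommerce-payments.php` file text on the server; if it reports vulnerable, treat any log hit as a possible successful compromise rather than a blocked attempt, since the vulnerable callback accepted the header before any other check ran.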
Remediation
Update WooCommerce Payments Plugin: Update the WooCommerce Payments plugin to version 5.6.2 or later, where this vulnerability has been addressed. Updating stops further exploitation but does not undo anything an attacker already did while impersonating a user, so sites that were exposed while running an affected version should also review their user list for unexpected accounts or role changes and check recent administrative activity. Regularly updating your plugins and core software helps protect your site from known vulnerabilities.
References
Related Vulnerabilities
Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.20)
WordPress Plugin Login with phone number Security Bypass (1.7.26)
WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)
Drupal Core 8.7.x Security Bypass (8.7.0 - 8.7.10)
WordPress Plugin The Events Calendar Security Bypass (3.11.2)