Description
WordPress Plugin WooCommerce Blocks is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create accounts via checkout block request. WordPress Plugin WooCommerce Blocks version 3.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.7.1 or latest
References
https://developer.woocommerce.com/2020/11/05/developer-advisory-spam-orders-and-accounts-from-bots/
https://plugins.svn.wordpress.org/woo-gutenberg-products-block/trunk/readme.txt
Related Vulnerabilities
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1010123)
e107 Other Vulnerability (CVE-2004-2028)
WordPress Plugin Post Thumbnail Editor Multiple Cross-Site Request Forgery Vulnerabilities (2.4.1)
FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)
Apache Tomcat Data Processing Errors Vulnerability (CVE-2014-0227)