Description

WooCommerce Payments plugin versions 4.8.0 through 5.6.1 are vulnerable to an authentication bypass in the 'determine_current_user_for_platform_checkout' function. An unauthenticated attacker can impersonate arbitrary users and perform actions as the impersonated user; when the impersonated user is an administrator, this can lead to site takeover.

An attacker exploits this vulnerability by crafting requests that reach the determine_current_user_for_platform_checkout function, which then resolves the request to a user of the attacker's choosing and bypasses the normal authentication process. The resulting access can be used to act on behalf of the impersonated user, potentially leading to further exploitation and control of the site.

Remediation

Update the WooCommerce Payments plugin: update to the latest version, in which this vulnerability has been addressed. Regularly updating plugins and core software helps protect a site from known vulnerabilities.
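A simple way to check whether an installed copy falls inside the affected range is to read the plugin's header and compare its version against 4.8.0 through 5.6.1. The following is an added example, not code from the advisory or the plugin; it assumes the standard WordPress plugin header format ("Version:" field) and uses a constructed sample header rather than a real file.

```python
import re

# Affected range stated in the advisory: 4.8.0 through 5.6.1 inclusive.
AFFECTED_MIN = (4, 8, 0)
AFFECTED_MAX = (5, 6, 1)

# Constructed sample of a WordPress plugin header block (not a real file).
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: WooCommerce Payments
 * Version: 5.6.1
 */
"""


def parse_version(text: str) -> tuple:
    """Parse 'x.y.z' into a comparable tuple of ints; missing parts are 0."""
    nums = []
    for part in text.strip().split(".")[:3]:
        m = re.match(r"\d+", part)
        nums.append(int(m.group(0)) if m else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def plugin_version_from_header(php_source: str):
    """Extract the 'Version:' field from a WordPress plugin header, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.MULTILINE)
    return m.group(1) if m else None


def is_affected(version: str) -> bool:
    """True when the version lies within the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def audit(php_source: str) -> str:
    """Report whether the plugin header describes an affected version."""
    version = plugin_version_from_header(php_source)
    if version is None:
        return "unknown: no Version header found"
    status = "AFFECTED - update required" if is_affected(version) else "not in affected range"
    return f"{version}: {status}"


if __name__ == "__main__":
    print(audit(SAMPLE_PLUGIN_HEADER))
```

On a live site, pass the contents of the plugin's main PHP file to audit() instead of the constructed sample.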
