Description

The WooCommerce Payments plugin versions 4.8.0 to 5.6.1 are vulnerable to authentication bypass via the 'determine_current_user_for_platform_checkout' function. This allows unauthenticated attackers to impersonate arbitrary users and perform actions as the impersonated user. In certain cases, this can lead to site takeover.

An attacker can exploit this vulnerability by crafting requests to the determine_current_user_for_platform_checkout function, effectively bypassing the authentication process. This unauthorized access can then be used to perform actions on behalf of the impersonated user, potentially leading to further exploitation and control over the site.

Remediation

Update WooCommerce Payments Plugin: It is recommended to update the WooCommerce Payments plugin to the latest version, where this vulnerability has been addressed. Regularly updating your plugins and core software can help protect your site from known vulnerabilities.

References

WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce

Related Vulnerabilities

WordPress Plugin Meow Gallery (+ Gallery Block) Security Bypass (4.1.9)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)

WordPress Plugin Helpie FAQ-WordPress FAQ Accordion Security Bypass (0.7)

Joomla! Core Security Bypass (2.5.0 - 3.9.15)

WordPress Plugin YITH WooCommerce Waiting List Security Bypass (1.3.9)

Severity

High

Classification

CVE-2023-28121 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass Privilege Escalation