CVE-2023-28121 Vulnerability Details

  /     /     /  

CVE-2023-28121 Metadata Quick Info

CVE Published: 12/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: hackerone | Vendor: n/a | Product: WooCommerce Payments WordPress Plugin
Status : PUBLISHED

---

CVE-2023-28121 Description

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: Improper Authentication - Generic (CWE-287)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).