CVE-2023-28121 – WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation

https://notcve.org/view.php?id=CVE-2023-28121

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. The WooCommerce Payments plugin is vulnerable to authentication bypass via the determine_current_user_for_platform_checkout function. This allows unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, which can lead to site takeover. WooCommerce-Payments plugin for Wordpress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header. • https://github.com/gbrsh/CVE-2023-28121 https://github.com/im-hanzou/Mass-CVE-2023-28121 https://github.com/1337nemojj/CVE-2023-28121 https://github.com/Jenderal92/WP-CVE-2023-28121 https://github.com/rio128128/Mass-CVE-2023-28121-kdoec https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •