cleantalk
Vulnerabilities and Security Researches

WooPayments: Integrated WooCommerce Payments, 1ad997f7b769fb925cf6bedd63b85b914e27cfc8

CVE, Research URL

1ad997f7b769fb925cf6bedd63b85b914e27cfc8

Home page URL

Security reports for WooPayments: Integrated WooCommerce Payments

Application

WooPayments: Integrated WooCommerce Payments

Published on
Mar 23, 2023
Research Description
WooPayments: Integrated WooCommerce Payments [woocommerce-payments] < 5.6.2 WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation The WooCommerce Payments plugin is vulnerable to authentication bypass via the determine_current_user_for_platform_checkout function. This allows unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, which can lead to site takeover.
Affected versions
Min -, max 5.6.2.
Status
vulnerable
Previous vulnerability researches
WooPayments: Integrated WooCommerce Payments (1ad997f7b769fb925cf6bedd63b85b914e27cfc8) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-28121) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-35915) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-35916) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-51503) , Jun 07, 2024
New vulnerability
MyRewards &#8211; Loyalty Points and Rewards for WooCommerce &#8211; Reward orders, referrals, product reviews and more (CVE-2025-24757) , Jul 06, 2025
File Manager (CVE-2025-27358) , Jul 06, 2025
Booking Calendar Contact Form (CVE-2025-48231) , Jul 06, 2025
NGG Smart Image Search (CVE-2025-52832) , Jul 05, 2025
(Simply) Guest Author Name (CVE-2025-24764) , Jul 05, 2025