cleantalk
Vulnerabilities and Security Researches

WooPayments: Integrated WooCommerce Payments, CVE-2023-28121

CVE, Research URL

CVE-2023-28121

Home page URL

Security reports for WooPayments: Integrated WooCommerce Payments

Application

WooPayments: Integrated WooCommerce Payments

Published on
Apr 13, 2023
Research Description
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Affected versions
Min -, max 5.6.2.
Status
vulnerable
Previous vulnerability researches
WooPayments: Integrated WooCommerce Payments (1ad997f7b769fb925cf6bedd63b85b914e27cfc8) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-28121) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-35915) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-35916) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-51503) , Jun 07, 2024
New vulnerability
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more (CVE-2025-24757) , Jul 06, 2025
File Manager (CVE-2025-27358) , Jul 06, 2025
Booking Calendar Contact Form (CVE-2025-48231) , Jul 06, 2025
NGG Smart Image Search (CVE-2025-52832) , Jul 05, 2025
(Simply) Guest Author Name (CVE-2025-24764) , Jul 05, 2025