WordPress 'WooCommerce Payments' Plugin Critical Vulnerability Spotted: Here's What You Need to Know

A critical vulnerability in the WooCommerce Payments plugin allows hackers to get access to user privileges.

A critical vulnerability was spotted on WordPress WooCommerce Payments plugin, which allowed hackers to get access to user privileges. These include administration access upon vulnerable WordPress installation.

WordPress WooCommerce Payments Plugin Had Over 600,000 Active Installations

According to Bleeping Computer, this comes from one of the most popular WordPress plugins, WooCommerce Payment. The plugin would allow users to accept credit and debit cards for payments on the user's WooCommerce stores.

WordPress outlines that over 600,000 active installations already used the plugin. Due to the number of users that have actively installed the plugin, the vulnerability could have affected numerous users.

Vulnerability Version CVE-2023-28121 Had a Vulnerability Rating of 9.8

Developers released an update on March 23, 2023, to fix the vulnerability. Through update version 5.6.2, users can fix the critical 9.8-rated vulnerability tracked as CVE-2023-28121.

Those potentially vulnerable to this issue are those on WooCommerce Payments 4.8.0 and higher installed and activated on their site and not updated to the patched version. This vulnerability would allow any remote hacker to impersonate an administrator and be able to control a WordPress site.

Plugin Forcefully Installed and Researchers Able to Analyze How the Bug Worked

As Automattic force installed the security fix of WordPress installations utilizing the plugin, WooCommerce noted that there was "no known active" vulnerability exploitation at the time. However, researchers said that due to the bug's critical nature, there would likely be vulnerabilities happening in the future.

It was reported that just recently, RCE Security researchers were able to analyze the bug and also release a technical blog to reveal how the CVE-2023-28121 vulnerability worked. It came as the researchers explained how the attackers were able to access the feature.

Researchers Able to Gain as Much Access as an Original User ID

The researchers revealed that all they had to do was add the "X-WCPAY-PLATFORM-CHECKOUT-USER" request header in order for hackers to set it to a user ID of the account they wanted to pretend to be.

Whenever the plugin reportedly spots the header, it will simply identify it as a request coming from the original user ID, and that includes giving access to all of the user's privileges.

Researchers Released a Proof-of-Concept to Show How the Exploit Worked

RCE Security also released what was taken as a proof-of-concept of the given exploit, showing how hackers could use the flaw to be able to create a new admin user on the penetrated WordPress sites. That would allow for a simple takeover, giving the hacker instant access to the site.

Wordfence, a WordPress security firm, warned that the threat actors are already exploiting the particular vulnerability in a major campaign that could see over 157,000 websites affected. It was explained that large-scale attacks started on July 14 and continued, peaking at 1.3 million attacks directed at 157,000 sites as of July 16.

Tech Times
Tech Times Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:Wordpress
Join the Discussion
Real Time Analytics