An issue in WooCommerce Payments plugin for WordPress ...
Critical severity
Unreviewed
Published
Apr 12, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Apr 12, 2023
Published to the GitHub Advisory Database
Apr 12, 2023
Last updated
Apr 4, 2024
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
References