{"id":2309,"date":"2023-03-25T04:30:18","date_gmt":"2023-03-25T04:30:18","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=2309"},"modified":"2023-10-03T11:46:13","modified_gmt":"2023-10-03T11:46:13","slug":"critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\/","title":{"rendered":"Critical WooCommerce Payments Plugin Flaw: Authentication Bypass &#038; Privilege Escalation"},"content":{"rendered":"<h2>Overview<\/h2>\n<p>A <a href=\"https:\/\/secry.me\/explore\/cyber-security\/\">critical vulnerability<\/a> has been discovered in the WooCommerce Payments plugin, which is installed on over 500,000 WordPress websites. 
The vulnerability, if not resolved, could allow <strong>unauthorized attackers to gain administrative access<\/strong> to impacted stores.<\/p>\n<p>This would enable an unauthenticated attacker to impersonate an administrator and take over a website without any user interaction or social engineering required.<\/p>\n<p>The company has <a href=\"https:\/\/secry.me\/explore\/wcpk\">released patches<\/a> for the affected versions and urges users to update their plugins immediately.<\/p>\n<p>&nbsp;<\/p>\n<h2>The Vulnerability<\/h2>\n<p>This security flaw could enable an attacker to gain unauthorized admin access to impacted stores without any user interaction or social engineering required. The vulnerability affects versions 4.8.0 through 5.6.1 of the WooCommerce Payments plugin.<\/p>\n<p>The issue lies in a PHP file called &#8220;<strong><em>class-platform-checkout-session.php<\/em><\/strong>&#8221;. Michael Mazzolini of Swiss penetration testing company GoldNetwork is credited with discovering and reporting the vulnerability.<\/p>\n<p>&nbsp;<\/p>\n<h2>Recommended Actions<\/h2>\n<p>Website administrators using the affected plugin should take the following actions:<\/p>\n<ol>\n<li>Update WooCommerce Payments to version <a href=\"https:\/\/secry.me\/explore\/yu9u\">5.6.2<\/a> immediately.<\/li>\n<li>Change all administrator passwords.<\/li>\n<li>Rotate payment gateway and WooCommerce API keys.<\/li>\n<li>Check for newly added admin users and unfamiliar IP addresses.<\/li>\n<\/ol>\n<p>While it is unlikely that passwords themselves were compromised, it is advised to change them if they are reused across multiple websites. Additionally, changing the salts within the <strong>wp-config.php<\/strong> file can provide extra security.<\/p>\n<p>&nbsp;<\/p>\n<h2>WooCommerce&#8217;s Response<\/h2>\n<p><strong>WooCommerce<\/strong> worked with WordPress to <strong><em>auto-update<\/em><\/strong> sites using affected versions of the software. 
<a href=\"https:\/\/secry.me\/explore\/uwyw\">Patched versions<\/a> include <em><strong>4.8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2<\/strong><\/em>.<\/p>\n<figure id=\"attachment_2342\" aria-describedby=\"caption-attachment-2342\" style=\"width: 954px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" td-modal-image wp-image-2342 size-full\" src=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/wcpayments.png\" alt=\"WooCommerce Plugin change history\" width=\"954\" height=\"384\" srcset=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/wcpayments.png 954w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/wcpayments-300x121.png 300w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/wcpayments-768x309.png 768w\" sizes=\"auto, (max-width: 954px) 100vw, 954px\" \/><figcaption id=\"caption-attachment-2342\" class=\"wp-caption-text\"><em>WooCommerce Plugin change history<\/em><br \/><em>Source: https:\/\/blog.sucuri.net\/<\/em><\/figcaption><\/figure>\n<p>The maintainers of the e-commerce plugin have also disabled the WooPay beta program due to concerns that the security defect could impact the payment checkout service.<\/p>\n<p>&nbsp;<\/p>\n<h2>Potential Exploits<\/h2>\n<p>While there is currently no evidence of the vulnerability being actively exploited, it is expected to be weaponized on a large scale once a proof-of-concept becomes available. Wordfence researcher Ram Gall cautioned that mass exploitation targeting this vulnerability is likely in the near future.<\/p>\n<p>&nbsp;<\/p>\n<h2>Protection Measures<\/h2>\n<p><strong>Wordfence <\/strong>has <a href=\"https:\/\/secry.me\/explore\/i0lc\">released<\/a> a firewall rule on March 23, 2023, to protect sites with Wordfence Premium, Wordfence Care, or Wordfence Response installed. 
If your site is running the free version of Wordfence, the rule will become available on April 22, 2023.<\/p>\n<p>It is highly recommended that you forward this advisory to any friends or colleagues using the WooCommerce Payments plugin on their websites. Raising awareness within the WordPress community is crucial for ensuring the security of affected sites.<\/p>\n<p>&nbsp;<\/p>\n<h2>Incident Response Services<\/h2>\n<p>If you believe your site has been compromised as a result of this vulnerability or any other issue, <strong>Wordfence Care<\/strong> offers Incident Response services. For immediate site cleaning, Wordfence Response provides the same service with 24\/7\/365 availability and a 1-hour response time. Both products include hands-on support in case you need further assistance.<\/p>\n<p>&nbsp;<\/p>\n<h2>Final Thoughts<\/h2>\n<p>The critical vulnerability found in the WooCommerce Payments plugin underscores the need to keep plugins updated and enable automatic updates.<\/p>\n<p>WooCommerce&#8217;s security team swiftly addressed the issue, making it vital for website administrators to act immediately to safeguard their sites from potential exploits.<\/p>\n<p>Currently, no evidence suggests active exploitation of this vulnerability. 
However, Wordfence researcher Ram Gall cautions that large-scale weaponization could occur once a proof-of-concept becomes available.<\/p>","protected":false},"excerpt":{"rendered":"<p>Overview A critical vulnerability has been discovered in the WooCommerce Payments plugin, which is installed on over 500,000 WordPress websites. The vulnerability, if not resolved, could allow unauthorized attackers to gain administrative access to impacted stores. 
This would enable an unauthenticated attacker to impersonate an administrator and take over a website without any user interaction [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2336,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[194,131],"tags":[205,206,204,202,203],"class_list":["post-2309","post","type-post","status-publish","format-standard","has-post-thumbnail","category-cyber-security","category-news","tag-authentication-bypass","tag-privilege-escalation","tag-sucuri","tag-woocommerce","tag-wordfence"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Critical WooCommerce Payments Plugin Flaw: Authentication Bypass &amp; Privilege Escalation | SECRY<\/title>\n<meta name=\"description\" content=\"Overview A critical vulnerability has been discovered in the WooCommerce Payments plugin, which is installed on over 500,000 WordPress websites. The\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical WooCommerce Payments Plugin Flaw: Authentication Bypass &amp; Privilege Escalation | SECRY\" \/>\n<meta property=\"og:description\" content=\"Overview A critical vulnerability has been discovered in the WooCommerce Payments plugin, which is installed on over 500,000 WordPress websites. 
The\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-25T04:30:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-03T11:46:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/03\/Authentication-Bypass-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/907be2b2cdf630b0640516d22bb40deb\"},\"headline\":\"Critical WooCommerce Payments Plugin Flaw: Authentication Bypass &#038; Privilege Escalation\",\"datePublished\":\"2023-03-25T04:30:18+00:00\",\"dateModified\":\"2023-10-03T11:46:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/\"},\"wordCount\":537,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Authentication-Bypass-1.png\",\"keywords\":[\"Authentication Bypass\",\"Privilege Escalation\",\"Sucuri\",\"WooCommerce\",\"Wordfence\"],\"articleSection\":[\"Cyber Security\",\"Hacker 
News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/\",\"name\":\"Critical WooCommerce Payments Plugin Flaw: Authentication Bypass & Privilege Escalation | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Authentication-Bypass-1.png\",\"datePublished\":\"2023-03-25T04:30:18+00:00\",\"dateModified\":\"2023-10-03T11:46:13+00:00\",\"description\":\"Overview A critical vulnerability has been discovered in the WooCommerce Payments plugin, which is installed on over 500,000 WordPress websites. 
The\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Authentication-Bypass-1.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Authentication-Bypass-1.png\",\"width\":1280,\"height\":720,\"caption\":\"WooCommerce Payments Plugin Flaw: Authentication Bypass and Privilege Escalation\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/critical-woocommerce-payments-plugin-flaw-authentication-bypass-privilege-escalation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical WooCommerce Payments Plugin Flaw: Authentication Bypass &#038; Privilege Escalation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security 
Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/907be2b2cdf630b0640516d22bb40deb\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the 
cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=2309"}],"version-history":[{"count":36,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2309\/revisions"}],"predecessor-version":[{"id":3457,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2309\/revisions\/3457"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/2336"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=2309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=2309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=2309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}