# N/A
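## Overview
The WooCommerce Payments plugin for WordPress contains a vulnerability that affects versions 5.6.1 and lower. It allows an unauthenticated attacker to send requests on behalf of an administrator or other elevated user, and thereby gain administrator access to the site.
## Affected Versions
- 5.6.1 and lower
## Details
An unauthenticated attacker can exploit this vulnerability to send requests that impersonate an administrator or other elevated user, and in this way gain administrator access to the site.
## Impact
The vulnerability may allow a remote, unauthenticated attacker to gain administrator access to the site, take control of it, and potentially cause data disclosure, tampering or damage.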
                                        
| # | POC description | Source link | 神龙 link |
|---|---|---|---|
| 1 | WooCommerce Payments: Unauthorized Admin Access Exploit | https://github.com/gbrsh/CVE-2023-28121 | POC details |
| 2 | CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ] | https://github.com/im-hanzou/Mass-CVE-2023-28121 | POC details |
| 3 | CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ] | https://github.com/rio128128/Mass-CVE-2023-28121-kdoec | POC details |
| 4 | None | https://github.com/C04LA/CVE-2023-28121 | POC details |
| 5 | Python 2.7 | https://github.com/Jenderal92/WP-CVE-2023-28121 | POC details |
| 6 | None | https://github.com/1337nemojj/CVE-2023-28121 | POC details |
| 7 | WooCommerce Payments =< 5.6.1 CVE-2023-28121 PoC | https://github.com/sug4r-wr41th/CVE-2023-28121 | POC details |
| 8 | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-28121.yaml | POC details |
| 9 | None | https://github.com/0axz-tools/CVE-2023-28121 | POC details |