Update NU: Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover

Update NU: Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover

The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed. Today, March 23, 2023, we noticed that the “WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo” plugin updated to version 5.6.2 with a changelog entry marked simply “Security update.”

After reviewing the update we determined that it removed vulnerable code that could allow an unauthenticated attacker to impersonate an administrator and completely take over a website without any user interaction or social engineering required.

[lees verder bij WordFence]

23-03-2023 Deel
Deze website is gemaakt met Websitemachine.nl