In a recent alarming discovery, cybersecurity researchers from Wordfence have issued a warning to the vast community of WordPress users. The popular WooCommerce Payments plugin, installed on over 600,000 websites, has been targeted by threat actors exploiting a severe security flaw. Known as CVE-2023-28121, this vulnerability holds a severity score of 9.8, leaving websites susceptible to a full takeover. As the attacks escalate, experts emphasize the need for immediate action to safeguard websites from malicious intrusions.
The critical flaw, classified as an “authentication bypass,” enables malicious actors to circumvent normal authentication processes and assume the identity of various users, including administrators. This loophole in the WooCommerce Payments plugin grants attackers unprecedented access, posing a significant risk to website owners and their visitors.
Despite the gravity of the situation, the patch for CVE-2023-28121 has been available for several months. The attack surge, largely automated, began on Thursday, July 14, 2023, and persisted throughout the weekend, reaching a peak of 1.3 million attacks on 157,000 sites on Saturday, July 16, 2023. The delayed response from website owners in updating their plugins has inadvertently enabled cybercriminals to exploit this vulnerability to the fullest.
Once attackers successfully infiltrate vulnerable websites, they proceed to deploy the WP Console plugin as a conduit for executing malicious code. This includes the installation of harmful file uploaders and backdoors, granting them persistent access and control over the compromised site. With this level of unauthorized access, cybercriminals can manipulate websites, steal sensitive data, and cause significant disruption to businesses and their clientele.
Credit goes to cybersecurity researchers from GoldNetwork, who initially discovered the vulnerability in late March 2023. At that time, no evidence indicated active exploitation in the wild. However, WordPress quickly took action by issuing a mandatory update to all websites utilizing the WooCommerce Payments plugin, aiming to minimize potential damages. Unfortunately, this has proven insufficient, as a substantial number of websites still lack the necessary updates, often due to the disabling of automatic update features.
The versions of WooCommerce Payments susceptible to the CVE-2023-28121 vulnerability include: 4.8.0, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2. Websites operating on any of these versions are at risk until they receive the appropriate updates.