Source |
The Hacker News |
Identifiant |
8358125 |
Date de publication |
2023-07-18 11:26:00 (vue: 2023-07-18 07:06:43) |
Titre |
Cybercriminels exploitant WooCommerce Payments Plugin Flaw to Hijack Sites Web Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites |
Texte |
Les acteurs de la menace exploitent activement une faille de sécurité critique récemment divulguée dans le plugin WordPress de paiement WooCommerce dans le cadre d'une campagne ciblée massive.
Le défaut, suivi comme CVE-2023-28121 (score CVSS: 9.8), est un cas de contournement d'authentification qui permet aux attaquants non authentifiés de se faire passer pour les utilisateurs arbitraires et d'effectuer certaines actions en tant qu'utilisateur usurpé, y compris un
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign.
The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an |
Envoyé |
Oui |
Condensat |
2023 28121 actions actively actors arbitrary are as cve attackers authentication bypass campaign case critical cvss cybercriminals disclosed enables exploiting flaw hijack impersonate impersonated including massive part payments perform plugin recently score: security some targeted threat tracked unauthenticated user users websites woocommerce wordpress |
Tags |
Threat
|
Stories |
|
Notes |
★★
|
Move |
|