CVE-2023-35916

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 20, 2023

Updated: Dec 29, 2023

CWE ID 639

Summary

CVE-2023-35916 is a critical authorization bypass vulnerability affecting WooPayments – Fully Integrated Solution Built and Supported by Woo. The issue arises due to a user-controlled key vulnerability. An attacker can exploit this flaw to gain unauthorized access to protected data or functions, bypassing the intended access controls. This vulnerability poses a significant risk to installations of WooPayments from version n/a up to and including 5.9.0. It is essential that users upgrade to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Automattic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rwnvom
https://www.cve.org/CVERecord?id=CVE-2023-35916
https://nvd.nist.gov/vuln/detail/CVE-2023-35916

Back to Vulnerability Database

CVE-2023-35916

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations