
Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are exploiting a critical security vulnerability in the WooCommerce Payments WordPress plugin, which was recently disclosed by Wordfence.

This flaw, known as CVE-2023-28121 and rated with a CVSS score of 9.8, involves an authentication bypass that allows unauthenticated attackers to impersonate arbitrary users, including administrators. This could potentially lead to a complete takeover of the affected site.

According to Wordfence security researcher Ram Gall, large-scale attacks targeting this vulnerability commenced on Thursday, July 14, 2023, and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, July 16, 2023.

The affected versions of WooCommerce Payments are 4.8.0 through 5.6.1, and the plugin is installed on more than 600,000 sites.

Although patches for this vulnerability were released by WooCommerce back in March 2023, some sites might still be at risk if they have not applied the necessary updates.

To exploit the flaw, attackers utilize the HTTP request header “X-Wcpay-Platform-Checkout-User: 1”, causing vulnerable sites to treat additional payloads as if they were coming from an administrative user.
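A triage check built on the two details above, the affected version range and the request header, added here as an example and not taken from Wordfence or the original post. It assumes request heads are available from a proxy or WAF that records request headers (standard access logs usually do not); the sample requests and the host name are constructed.

```python
import re

# Range as stated in the article; every version inside it is treated as affected.
AFFECTED_MIN = (4, 8, 0)
AFFECTED_MAX = (5, 6, 1)
# HTTP header names are case-insensitive, so compare in lower case.
BYPASS_HEADER = "x-wcpay-platform-checkout-user"

def parse_version(text):
    """'5.6.1' -> (5, 6, 1); short versions such as '5.0' are zero-padded."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True if the installed plugin version lies in the affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def parse_request(raw):
    """Return (request_line, {lower-cased header name: value}) for a raw request head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def flag_requests(raw_requests):
    """Return (index, request_line, header_value) for requests carrying the header."""
    hits = []
    for i, raw in enumerate(raw_requests):
        line, headers = parse_request(raw)
        if BYPASS_HEADER in headers:
            hits.append((i, line, headers[BYPASS_HEADER]))
    return hits

# Constructed sample capture: one ordinary request, two carrying the header.
SAMPLE_REQUESTS = [
    "GET /shop/ HTTP/1.1\r\nHost: shop.example.test\r\nAccept: */*\r\n\r\n",
    "POST /example-endpoint HTTP/1.1\r\nHost: shop.example.test\r\n"
    "X-Wcpay-Platform-Checkout-User: 1\r\n\r\n{}",
    "POST /example-endpoint HTTP/1.1\r\nHost: shop.example.test\r\n"
    "x-wcpay-platform-checkout-user:1\r\n\r\n",
]

if __name__ == "__main__":
    print("5.6.1 affected:", is_affected("5.6.1"))
    for hit in flag_requests(SAMPLE_REQUESTS):
        print("flagged:", hit)
```

A flagged request against a site whose plugin version is still in the affected range is the combination worth escalating first.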

Adobe ColdFusion Actively Exploited

There have also been reports of active exploitation of Adobe ColdFusion flaws, observed by Rapid7 in multiple customer environments starting July 13, 2023.

The attackers leveraged the vulnerabilities to deploy web shells on infected endpoints. Specifically, the flaws are identified as CVE-2023-29298 (CVSS score: 7.5) and a secondary vulnerability, CVE-2023-38203 (CVSS score: 9.8), which is a deserialization flaw addressed in an out-of-band update released on July 14.

CVE-2023-29298 is an access control bypass vulnerability affecting ColdFusion 2023, ColdFusion 2021 Update 6 and below, and ColdFusion 2018 Update 16 and below. By inserting an unexpected additional forward slash character in the requested URL, an attacker can gain access to the administration endpoints, as revealed by Rapid7.

Users should update to the latest version of Adobe ColdFusion promptly. However, the fix for CVE-2023-29298 is currently considered incomplete, so it remains necessary to watch for further updates from Adobe to stay protected against potential bypass attempts.


