WooCommerce Payments Plugin Flaw Patched 


Product and affected versions:
The WooCommerce Payments plugin for WordPress, versions 4.8.0 through 5.6.1.
Severity and CVE ID:
Critical security flaw. No CVE ID provided.
Vulnerability:
The flaw could allow an unauthenticated attacker to impersonate an administrator and take over a website without any user interaction or social engineering required.
How the attack works:
The vulnerability is located in a PHP file called “class-platform-checkout-session.php.” If left unresolved, an attacker could gain unauthorized admin access to impacted stores.
Remediations:
The maintainers of the e-commerce plugin have released patches for the vulnerability, and users are recommended to update to the latest version. Users are also advised to check for newly added admin users, change all administrator passwords, and rotate payment gateway and WooCommerce API keys.
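As an added example (not from the advisory or the plugin's maintainers), the Python below applies the affected version range stated above literally and lists administrator accounts registered on or after a cutoff date. The WP-CLI commands named in the comments, the cutoff, the known-admin list and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime

# Affected range as stated in this advisory (inclusive on both ends).
AFFECTED_MIN = (4, 8, 0)
AFFECTED_MAX = (5, 6, 1)

def parse_version(text):
    """Turn '5.6.1' or '5.6.1-beta' into (5, 6, 1); missing parts count as 0."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) if p else 0 for p in m.groups())

def is_affected(version_text):
    """Numeric tuple comparison, so 5.10.0 is not mistaken for less than 5.6.1."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def admins_added_since(users_csv, cutoff, known_logins=()):
    """Return admin logins registered on/after cutoff that are not on the known list."""
    cutoff_dt = datetime.strptime(cutoff, "%Y-%m-%d")
    flagged = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff_dt and row["user_login"] not in known_logins:
            flagged.append(row["user_login"])
    return flagged

# Constructed sample of the CSV produced by:
#   wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv
SAMPLE_USERS = """ID,user_login,user_registered
1,shopowner,2021-02-11 09:14:03
7,devteam,2023-03-02 16:40:27
19,support_x,2023-03-25 03:12:55
"""

if __name__ == "__main__":
    # Constructed value; on a real site it would come from:
    #   wp plugin get woocommerce-payments --field=version
    installed = "5.6.1"
    print("plugin in affected range:", is_affected(installed))
    # Cutoff and known-admin list are the operator's choice (assumed here).
    for login in admins_added_since(SAMPLE_USERS, "2023-03-01", {"devteam"}):
        print("review administrator account:", login)
```

Any account the script lists still needs a manual decision; an expected login belongs in the known-admin list rather than being ignored.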
Reference:
The vulnerability was discovered by Sucuri researcher Ben Martin and reported in an advisory on March 23, 2023.