WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]
- This script using Python3 and use threading for better process speed. The script has ben updated to 2 version. V1 is the old version and V2 the newer version with random username, email and password string. After you get some results dont forget to change your email in wordpress user dashboard. Dont use many threads if your machine is potato-end xD.
- For installing requirements, do
pip install -r requirements.txt
- https://wpscan.com/vulnerability/0f78a245-866c-462e-bd23-43dfadb57072
- https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce
- https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know
- rapid7/metasploit-framework#18159
- https://github.com/killvxk/POCS/blob/c22d5834686fcbd8ed21bf4de965447962d0ecc0/CVE-2023-28121#L4
- https://github.com/gbrsh/CVE-2023-28121