Wordfence warned that large-scale attacks are under way against a vulnerability (CVE-2023-28121) in the WooCommerce Payments WordPress plugin.
The flaw in the plugin, which is installed on over 600,000 sites, is an authentication bypass: attackers can impersonate arbitrary users, including an administrator, and perform some actions as them, potentially leading to site takeover.
Wordfence says patches for the bug were released by WooCommerce in March 2023, and WordPress has issued auto-updates to sites using affected versions of the plugin.