CVE-2023-28121

The exploit demonstrates an unauthorized admin access vulnerability in WooCommerce Payments by leveraging a flawed endpoint to create an administrator account without authentication. It checks the plugin version and sends a crafted POST request to add a new admin user.

This repository contains functional Python scripts that exploit CVE-2023-28121, an unauthenticated privilege escalation vulnerability in WooCommerce Payments < 5.6.2. The scripts automate the process of adding an administrator user by sending crafted HTTP requests to vulnerable WordPress sites.

This repository contains a functional Python script that exploits CVE-2023-28121, an unauthenticated privilege escalation vulnerability in WooCommerce Payments < 5.6.2. The script checks for vulnerable versions and adds an admin user by sending crafted HTTP requests.

The repository contains a functional Python exploit for CVE-2023-28121, which targets an unauthenticated privilege escalation vulnerability in WooCommerce Payments < 5.6.2. The exploit automates the creation of an administrator account by sending crafted HTTP requests to vulnerable WordPress sites.

The repository contains minimal content with no actual exploit code, only a vague command referencing a non-existent 'main.py' and a Telegram flag, which is a common lure tactic. No technical details about CVE-2023-28121 are provided.

The repository contains a functional Python script that exploits CVE-2023-28121, an authentication bypass vulnerability in WooCommerce Payments (WordPress plugin) versions <= 5.6.1. The exploit sends a crafted POST request to create an administrator user without proper authentication.

The repository contains a functional exploit for CVE-2023-28121, an authentication bypass vulnerability in WooCommerce Payments plugin. The exploit leverages the `X-WCPAY-PLATFORM-CHECKOUT-USER` header to impersonate an administrator and create a new admin user via the WordPress REST API.

This Metasploit module exploits an authentication bypass in WooCommerce Payments plugin (CVE-2023-28121) to create an unauthorized administrator account by leveraging the X-WCPAY-PLATFORM-CHECKOUT-USER header.