## Authentication bypass in WordPress Plugin WooCommerce Payments
![Metasploit Weekly Wrap-Up](https://blog.rapid7.com/content/images/2023/07/metasploit-sky.png)
This week’s Metasploit release includes a module for `CVE-2023-28121` by [h00die](). This module can be used against any wordpress instance that uses WooCommerce payments < 5.6.1. This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. You can simply add a header to execute the bypass and use the API to create a new admin user in WordPress.
## New module content (3)
### WordPress Plugin WooCommerce Payments Unauthenticated Admin Creation
Authors: Julien Ahrens, Michael Mazzolini, and h00die
Type: Auxiliary
Pull request: [#18164]() contributed by [h00die]()
AttackerKB reference: [CVE-2023-28121]()
Description: This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. By sending a speciality crafted request to the plugin an attacker can by-pass authentication and then use the WordPress API to create an admin user in WordPress.
### pfSense Restore RRD Data Command Injection
Author: Emir Polat
Type: Exploit
Pull request: [#17861]() contributed by [emirpolatt]()
AttackerKB reference: [CVE-2023-27253]()
Description: This module exploits a vulnerability in pfSense version 2.6.0 and below which allows for authenticated users to execute arbitrary operating systems commands as root.
### SmarterTools SmarterMail less than build 6985 – .NET Deserialization Remote Code Execution
Authors: 1F98D, Ismail E. Dawoodjee, and Soroush Dalili
Type: Exploit
Pull request: [#18170]() contributed by [ismaildawoodjee]()
AttackerKB reference: [CVE-2019-7214]()
Description: Adds a new module for SmarterMail Build 6985 – dotNET Deserialization Remote Code Execution (CVE-2019-7214). The vulnerability affects SmarterTools SmarterMail Version less than or equal to 16.3.6989.16341 (all legacy versions without a build number), or SmarterTools SmarterMail Build less than 6985.
## Enhancements and features (0)
None
## Bugs fixed (0)
None
## Documentation added (2)
* [#18177]() from [ismaildawoodjee]() – Updates the Wiki to use `https://metasploit.com/download` instead of `https://metasploit.com/download`.
* [#18181]() from [hahwul]() – Updates broken links in the Wiki.
You can always find more documentation on our docsite at [docs.metasploit.com]().
## Get it
As always, you can update to the latest Metasploit Framework with `msfupdate`
and you can get more details on the changes since the last blog post from
GitHub:
* [Pull Requests 6.3.24…6.3.25]()
* [Full diff 6.3.24…6.3.25]()
If you are a `git` user, you can clone the [Metasploit Framework repo]() (master branch) for the latest.
To install fresh without using git, you can use the open-source-only [Nightly Installers]() or the
[binary installers]() (which also include the commercial edition).Read More
References
Back to Main