Metasploit Weekly Wrap-Up
Discription

## Authentication bypass in WordPress Plugin WooCommerce Payments

![Metasploit Weekly Wrap-Up](https://blog.rapid7.com/content/images/2023/07/metasploit-sky.png)

This week’s Metasploit release includes a module for `CVE-2023-28121` by [h00die](). This module can be used against any wordpress instance that uses WooCommerce payments < 5.6.1. This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. You can simply add a header to execute the bypass and use the API to create a new admin user in WordPress.

## New module content (3)

### WordPress Plugin WooCommerce Payments Unauthenticated Admin Creation

Authors: Julien Ahrens, Michael Mazzolini, and h00die
Type: Auxiliary
Pull request: [#18164]() contributed by [h00die]()
AttackerKB reference: [CVE-2023-28121]()

Description: This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. By sending a speciality crafted request to the plugin an attacker can by-pass authentication and then use the WordPress API to create an admin user in WordPress.

### pfSense Restore RRD Data Command Injection

Author: Emir Polat
Type: Exploit
Pull request: [#17861]() contributed by [emirpolatt]()
AttackerKB reference: [CVE-2023-27253]()

Description: This module exploits a vulnerability in pfSense version 2.6.0 and below which allows for authenticated users to execute arbitrary operating systems commands as root.

### SmarterTools SmarterMail less than build 6985 – .NET Deserialization Remote Code Execution

Authors: 1F98D, Ismail E. Dawoodjee, and Soroush Dalili
Type: Exploit
Pull request: [#18170]() contributed by [ismaildawoodjee]()
AttackerKB reference: [CVE-2019-7214]()

Description: Adds a new module for SmarterMail Build 6985 – dotNET Deserialization Remote Code Execution (CVE-2019-7214). The vulnerability affects SmarterTools SmarterMail Version less than or equal to 16.3.6989.16341 (all legacy versions without a build number), or SmarterTools SmarterMail Build less than 6985.

## Enhancements and features (0)

None

## Bugs fixed (0)

None

## Documentation added (2)

* [#18177]() from [ismaildawoodjee]() – Updates the Wiki to use `https://metasploit.com/download` instead of `https://metasploit.com/download`.
* [#18181]() from [hahwul]() – Updates broken links in the Wiki.

You can always find more documentation on our docsite at [docs.metasploit.com]().

## Get it

As always, you can update to the latest Metasploit Framework with `msfupdate`
and you can get more details on the changes since the last blog post from
GitHub:

* [Pull Requests 6.3.24…6.3.25]()
* [Full diff 6.3.24…6.3.25]()

If you are a `git` user, you can clone the [Metasploit Framework repo]() (master branch) for the latest.
To install fresh without using git, you can use the open-source-only [Nightly Installers]() or the
[binary installers]() (which also include the commercial edition).Read More

Back to Main

Subscribe for the latest news: