Description
WordPress Plugin WooCommerce Blocks is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create accounts via checkout block request. WordPress Plugin WooCommerce Blocks version 3.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.7.1 or latest
References
https://developer.woocommerce.com/2020/11/05/developer-advisory-spam-orders-and-accounts-from-bots/
https://plugins.svn.wordpress.org/woo-gutenberg-products-block/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP Maintenance Cross-Site Request Forgery (5.0.5)
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-13258)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)