Description
WordPress Plugin WooCommerce Blocks is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create accounts via checkout block request. WordPress Plugin WooCommerce Blocks version 3.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.7.1 or latest
References
https://developer.woocommerce.com/2020/11/05/developer-advisory-spam-orders-and-accounts-from-bots/
https://plugins.svn.wordpress.org/woo-gutenberg-products-block/trunk/readme.txt
Related Vulnerabilities
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2021-4104)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.15)
WordPress Plugin YITH WooCommerce Authorize.net Payment Gateway Security Bypass (1.1.12)