A critical security vulnerability has been discovered in the WooCommerce Stripe Gateway Plugin

A critical security vulnerability has been discovered in the WooCommerce

June 14, 2023Ravi LakshmanaSite Security / Hacking

WooCommerce Stripe Gateway

A security flaw has been discovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information.

The disadvantage that is considered as CVE-2023-34000, affects versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023.

WooCommerce Stripe Gateway allows e-commerce sites to directly accept various payment methods through Stripe's payment processing API. It boasts over 900,000 active installations.

According to Patchstack security researcher Rafi Mohammed, the app suffers from what is called an unauthenticated Insecure direct object references (IDOR) vulnerability, which allows a bad actor to bypass authorization and access resources.

Cyber ​​security

Specifically, the issue stems from insecure processing of order objects and the lack of an appropriate access control mechanism in the application's javascript_params and payment_fields functions.

“This vulnerability allows any unauthenticated user to view WooCommnerce order PII data, including email, username and full address,” said Mohammed.

The development comes weeks after the core WordPress team released versions 6.2.1 and 6.2.2 to address five security issues, including an unauthenticated directory traversal vulnerability and an unauthenticated cross-site scripting flaw. Three of the bugs were discovered during a third-party security audit.

Is this article interesting? Follow us Twitter: and LinkedIn to read more exclusive content we publish.

READ  Founder decides to stop development - WP Tavern

Leave a Reply

Your email address will not be published. Required fields are marked *