The WordPress Stripe Payment Gateway plugin has been vulnerable to Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability. WooCommerce developed this plugin.
The plugin version is 7.4.1 and has nearly 900K installations worldwide. Usually, payments are redirected to externally hosted checkout pages where the checkout and payment process happens.
The use of this plugin is to make customers stay on the wordpress site during the payment.
CVE-2023-34000: IDOR vulnerability in WooCommerce Stripe Payment Gateway plugin
Exposure of the above data is considered serious and could lead to more attacks, such as scam emails that try to take over accounts and steal credentials.
WooCommerce Stripe Gateway Plugin version 7.4.0 and below
Fixed in Version
WooCommerce Stripe Gateway Plugin version 7.4.1
Due to these flaws in the code, any WooCommerce order information can be viewed by an unauthorized third party without first verifying the legitimacy of the request or the rightful owner of the order.
Statistics compiled by WordPress.org show that more than half of all active plugin installations use a vulnerable version.
The necessary updates to address this flaw have been made available by WooCommerce. Users are advised to upgrade to version 7.4.1, which addresses this flaw.
Looking For an All-in-One Multi-OS Patch Management Platform – Try Patch Manager Plus
The post Critical Vulnerability in WordPress Stripe Payment Plugin Exposes Customer Data appeared first on Cyber Security News.
Cyber Security News