CVE-2023-4040

Name of the Vulnerable Software and Affected Versions The Stripe Payment Plugin for WooCommerce plugin for WordPress versions up to, and including, 3.7.9

Description The issue is related to unauthorized modification of data due to a missing capability check on the eh callback handler function. This allows unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.

Recommendations For versions up to, and including, 3.7.9, update to a version higher than 3.7.9 to resolve the issue. As a temporary workaround, consider disabling the eh callback handler function until a patch is available.