CVE-2021-39347

Name of the Vulnerable Software and Affected Versions: Stripe for WooCommerce WordPress plugin versions 3.0.0 through 3.3.9

Description: The issue is related to a missing capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file. This allows attackers to configure their account to use other site users' unique STRIPE identifier and make purchases with their payment accounts.

Recommendations: For versions 3.0.0 through 3.3.9, as a temporary workaround, consider disabling the save() function in the class-wc-stripe-admin-user-edit.php file until a patch is available. Restrict access to the ~/includes/admin/class-wc-stripe-admin-user-edit.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.