PT-2023-23402 · Woocommerce · Stripe Payment Plugin For Woocommerce
István Márton
+1
·
Published
2023-08-02
·
Updated
2023-09-01
·
CVE-2023-3162
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Stripe Payment Plugin for WooCommerce versions up to, and including, 3.7.7
Description
The issue is related to authentication bypass due to insufficient verification of the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, typically customers.
Recommendations
For versions up to, and including, 3.7.7, update to a version higher than 3.7.7 to resolve the issue. As a temporary workaround, consider restricting access to the Stripe checkout functionality to minimize the risk of exploitation.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stripe Payment Plugin For Woocommerce