PT-2025-37021 · WordPress · Checkout Plugins Stripe Payments For Woocommerce
Peter Thaleikis
·
Published
2025-09-10
·
Updated
2025-09-10
·
CVE-2025-9463
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net versions prior to 1.117.6
Description:
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the
order by parameter. Insufficient escaping of user-supplied parameters and a lack of sufficient preparation on the existing SQL query allows authenticated attackers with Subscriber-level access and above to append additional SQL queries to existing queries, potentially extracting sensitive information from the database.Recommendations:
Update to Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net version 1.117.6 or later.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkout Plugins Stripe Payments For Woocommerce