Log out
Get PRO

Latest

Authentication vulnerability in Stripe Payment Plugin for WooCommerce 3.7.7

  • Severity: critical
  • Status: Fixed
  • Publication: August 1, 2023

The Stripe Payment Plugin for WooCommerce is a plugin for WordPress websites that lets customers make payments through the Stripe payment system. Unfortunately, versions up to 3.7.7 have a security issue that could let unauthenticated attackers gain access to customers’ accounts. This is because the plugin does not properly verify the user when they check out through Stripe. This means that attackers could log in to accounts of customers who have already made orders.

Detected in:

Payment Gateway for Stripe and for WooCommerce fixed vulnerable versions:
Stripe Payment Gateway for WooCommerce fixed vulnerable versions:
Stripe Payment Plugin for WooCommerce fixed vulnerable versions: >= * <= 3.7.7

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.