Log out
Get PRO

Latest

Access violation vulnerability in Stripe Payment Plugin for WooCommerce 3.7.9

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 17, 2023

The Stripe Payment Plugin for WooCommerce is a plugin for WordPress that allows users to pay with Stripe on their WooCommerce store. A security vulnerability has been discovered in versions up to, and including, 3.7.9 that allows unauthenticated attackers to modify the order status of any WooCommerce orders. This is because the plugin fails to check for the correct authorization when using the eh_callback_handler function. It is important to update the Stripe Payment Plugin for WooCommerce to the latest version in order to fix this vulnerability.

Detected in:

Payment Gateway for Stripe and for WooCommerce fixed vulnerable versions:
Stripe Payment Gateway for WooCommerce fixed vulnerable versions:
Stripe Payment Plugin for WooCommerce fixed vulnerable versions: >= 3.7.9 <= 3.7.9

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.