News

Critical Vulnerability in WooCommerce Stripe Gateway WordPress Plugin Threatens Hundreds of Thousands of Websites

Security Parrot Editorial Team

Vulnerability Discovered in Popular WordPress WooCommerce Stripe Gateway Plugin

A serious vulnerability has been discovered in the popular WordPress WooCommerce Stripe Gateway plugin, which could lead to the leakage of confidential information. Any unauthenticated user can view the details of orders placed through the plugin, including users’ personal information, their email addresses, shipping addresses, and full name.

What is the WooCommerce Stripe Payment Plugin?

WooCommerce Stripe Payment is a payment gateway for e-commerce sites powered by WordPress. It allows websites to accept payment methods such as Visa, MasterCard, American Express, Apple Pay, and Google Pay through the Stripe payment processing API. The plugin currently has over 900,000 active installs.

What is the Vulnerability?

Patchstack analysts have discovered that the plugin is vulnerable to CVE-2023-34000, an Insecure direct object references (IDOR) type issue, which may lead to the disclosure of sensitive data. The problem is related to insecure processing of order objects and the lack of an adequate access control mechanism in the javascript_params and payment_fields functions. As a result, these functions can be abused to display details of any orders without checking query permissions or user mapping.
The vulnerability is reported to affect all versions of the WooCommerce Stripe Gateway below 7.4.1, to which users are advised to upgrade. The revised version 7.4.1 was released on May 30, 2023.

What Can Be Done to Protect Against the Vulnerability?

The best way to protect against this vulnerability is to upgrade to the latest version of the WooCommerce Stripe Gateway plugin. This will ensure that the plugin is up-to-date and secure. Additionally, users should ensure that their WordPress website is running the latest version of WordPress and that all plugins and themes are up-to-date.
It is also important to ensure that the website is properly configured and secured. This includes setting up strong passwords, using two-factor authentication, and using a web application firewall. Additionally, users should ensure that their website is regularly scanned for malware and other security threats.
Finally, users should be aware of the risks associated with using third-party plugins and themes. It is important to ensure that these plugins and themes are from reputable sources and are regularly updated. Additionally, users should be aware of the risks associated with using plugins and themes that are not regularly updated.
The vulnerability discovered in the popular WordPress WooCommerce Stripe Gateway plugin is a serious issue that could lead to the leakage of confidential information. It is important for users to ensure that their websites are secure and up-to-date in order to protect against this vulnerability. Upgrading to the latest version of the WooCommerce Stripe Gateway plugin, as well as ensuring that all plugins and themes are up-to-date, is the best way to protect against this vulnerability. Additionally, users should ensure that their website is properly configured and secured, and that they are aware of the risks associated with using third-party plugins and themes.

Weekly Updates For Our Loyal Readers!

Share this Article
Lost your password?