Authentication Bypass in Stripe Payment Plugin for WooCommerce by WordPress
CVE-2023-3162

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Stripe Payment Plugin For WooCommerce
Vendor: CVE Published:; 31 August 2023

What is CVE-2023-3162?

The Stripe Payment Plugin for WooCommerce on WordPress is susceptible to an authentication bypass, allowing unauthenticated users to gain access to accounts that have active orders. This vulnerability stems from inadequate verification processes during user authentication in Stripe's checkout system via the plugin. Attackers can exploit this flaw to log in as legitimate users, potentially compromising sensitive information and affecting user security.

Affected Version(s)

Stripe Payment Plugin for WooCommerce * <= 3.7.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/payment-gatewa...

https://plugins.trac.wordpress.org/changeset/2925361/paym...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Jun 8, 2023

Credit

Lana Codes

Wordpress

What is CVE-2023-3162?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit