Missing Authorization vulnerability in WooCommerce Stripe Payment Gateway
CVE-2023-35049

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WooCommerce Stripe Payment Gateway
Vendor: CVE Published:; 19 June 2024

Summary

A missing authorization vulnerability in the WooCommerce Stripe Payment Gateway poses significant risks, allowing unauthorized users to gain access without the necessary permissions. This issue affects users from earlier versions up to 7.4.0, making it crucial for businesses to stay vigilant about plugin updates and security patches to mitigate potential exploitation.

Affected Version(s)

WooCommerce Stripe Payment Gateway <= 7.4.0

References

https://patchstack.com/database/vulnerability/woocommerce...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Jun 12, 2023

Credit

Rafie Muhammad (Patchstack)