WordPress WP Stripe Checkout Plugin <= 1.2.2.37 is vulnerable to Sensitive Data Exposure
CVE-2023-52143

7.5HIGH

Key Information:

Vendor: WordPress
Status: WP Stripe Checkout
Vendor: CVE Published:; 5 January 2024

Summary

A vulnerability exists in the WP Stripe Checkout plugin by Naa986 that allows unauthorized actors to access sensitive information. This issue arises from the exposure of data through log files, potentially compromising user privacy and security. Systems running versions prior to 1.2.2.37 are at risk, emphasizing the need for timely updates and security measures to safeguard confidential data.

Affected Version(s)

WP Stripe Checkout <= 1.2.2.37

References

https://patchstack.com/database/vulnerability/wp-stripe-c...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Dec 28, 2023

Credit

Joshua Chan (Patchstack Alliance)