Security News > 2023 > June > Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information.
WooCommerce Stripe Gateway allows e-commerce websites to directly accept various payment methods through Stripe's payment processing API. It boasts of over 900,000 active installations.
According to Patch security researcher Rafie Muhammad, the plugin suffers from what's called an unauthenticated Insecure direct object references vulnerability, which allows a bad actor to bypass authorization and access resources.
Specially, the problem stems from the insecure handling of order objects and a lack of adequate access control mechanism in the plugin's 'javascript params' and 'payment fields' functions of the plugin.
"This vulnerability allows any unauthenticated user to view any WooCommnerce order's PII data including email, user's name, and full address," Muhammad said.
The development comes weeks after the WordPress core team released 6.2.1 and 6.2.2 to address five security issues, including an unauthenticated directory traversal vulnerability and an unauthenticated cross-site scripting flaw, three of which were uncovered during a third-party security audit.
News URL
https://thehackernews.com/2023/06/critical-security-vulnerability.html
Related news
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability (source)
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)