Vulnerabilities > CVE-2023-51502 - Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

automattic

CWE-639

critical

NVD

Published: 2024-01-05

Updated: 2024-01-11

Summary

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

Vulnerable Configurations

Part	Description	Count
Application	Automattic Automattic Woocommerce Stripe 7.6.1	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-1-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve