A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information.
The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023.
WooCommerce Stripe Gateway allows e-commerce websites to directly accept various payment methods through Stripe’s payment processing API. It has over 900,000 active installations.
According to Patchstack security researcher Rafie Muhammad, the plugin suffers from what’s called an unauthenticated insecure direct object reference (IDOR) vulnerability, which allows a bad actor to bypass authorization and access resources.