Description

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.

Related CPE's

a

webtoffee

stripe_payment_plugin_for_woocommerce

*

*

*

*

*

wordpress

Vulnerable

References

https://plugins.trac.wordpress.org/changeset/2954934/

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve

Third Party Advisory

Weaknesses

Could not find any weaknesses

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-18T07:15:09.117

11 months ago

Last modified

2023-11-07T04:22:04.223

8 months ago