WooCommerce Stripe Gateway exposes security flaw in pluginA security flaw has been uncovered in the WooCommerce Strip Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information.
According to security researcher Rafie Muhammad, the plugin suffers from what’s called an unauthenticated insecure direct object references (IDOR) vulnerability.
This vulnerability allows a bad actor to view any WooCommnerce order’s PII data including email, user’s name, and full address.
It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023.
The plugin allows e-commerce websites to directly accept various payment methods through Stripe’s payment processing API.Muhammad explains that the vulnerability allows malicious actors to bypass authorization and access resources.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply