Lucene search
PRIOn knowledge basePRION:CVE-2023-3162HistoryAug 31, 2023 - 6:15 a.m.
Authentication flaw
2023-08-3106:15:00
PRIOn knowledge base
www.prio-n.com
7
woocommerce
wordpress
authentication bypass
vulnerability
stripe payment plugin
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| stripe_payment_plugin_for_woocommerce | le | 3.7.7 |
References
plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php
plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration
www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve
Related
wordfence
wordfence
WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin
2023-08-01 14:50:22
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 31, 2023 to August 6, 2023)
2023-08-10 12:42:18
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
cve
cve
CVE-2023-3162
2023-08-31 06:15:09
packetstorm
packetstorm
WordPress Stripe Payment Plugin For WooCommerce 3.7.7 Authentication Bypass
2023-08-01 00:00:00
zdt
zdt
cvelist
cvelist
CVE-2023-3162
2023-08-31 05:33:07
nvd
nvd
CVE-2023-3162
2023-08-31 06:15:09
wpvulndb
wpvulndb
Stripe Payment Plugin for WooCommerce < 3.7.8 - Authentication Bypass
2023-08-02 00:00:00