The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Stripe_payment_plugin_for_woocommerce | Webtoffee | * | 3.8.0 (excluding) |
References
- https://plugins.trac.wordpress.org/changeset/2954934/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve
- https://plugins.trac.wordpress.org/changeset/2954934/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve