Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2023-3162
PUBLISHEDThe Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This...
- Vendor
- webtoffee
- Product
- Stripe Payment Plugin for WooCommerce
- Published
- Aug 31, 2023
- EPSS
- 0.4% · 58% pctl
Description
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2023-08-01 07:50:22 UTC · Source
SSVC decision points
- Exploitation
- none
- Automatable
- Yes
- Technical impact
- total
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve
- https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640
- https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| Wordfence | Aug 01, 2023 |
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public