WordPress Stripe For WooCommerce plugin 3.0.0 – 3.3.9 - Missing Authorization Controls to Financial Account Hijacking vulnerability

woo-stripe-payment

Software: Stripe For WooCommerce
Vulnerable Versions: 3.0.0-3.3.9
Fixed in version: 3.3.10
Classification: Other Vulnerability Type
OWASP Top 10: A2: Broken Authentication and Session Management
Disclosure Date: 2021-10-01
CVSS 3.0 score: 4.3 (Medium)

Registered customer account required.

Details

A Missing Authorization Controls to Financial Account Hijacking vulnerability was discovered by Margaux DABERT (Intrinsec) in the WordPress Stripe For WooCommerce plugin (versions 3.0.0 – 3.3.9).

Solution

Update the WordPress Stripe For WooCommerce plugin to the latest available version (at least 3.3.10).
