A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of delicate details.
The flaw, tracked as CVE-2023-34000, impacts versions 7.4. and below. It was addressed by the plugin maintainers in version 7.4.1, which delivered on May perhaps 30, 2023.
WooCommerce Stripe Gateway makes it possible for e-commerce web-sites to instantly acknowledge a variety of payment solutions through Stripe’s payment processing API. It features of over 900,000 active installations.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
In accordance to Patch security researcher Rafie Muhammad, the plugin suffers from what is named an unauthenticated Insecure immediate item references (IDOR) vulnerability, which allows a lousy actor to bypass authorization and access sources.
Specially, the challenge stems from the insecure dealing with of get objects and a absence of ample access command mechanism in the plugin’s ‘javascript_params’ and ‘payment_fields’ capabilities of the plugin.
“This vulnerability permits any unauthenticated user to watch any WooCommnerce order’s PII details including email, user’s identify, and full deal with,” Muhammad reported.
The improvement will come months soon after the WordPress core workforce introduced 6.2.1 and 6.2.2 to deal with five security issues, which includes an unauthenticated directory traversal vulnerability and an unauthenticated cross-web site scripting flaw, 3 of which had been uncovered for the duration of a third-party security audit.
Found this article exciting? Abide by us on Twitter and LinkedIn to read much more special material we post.
Some sections of this post are sourced from:
thehackernews.com
Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software