A critical vulnerability in the WooCommerce Stripe Payment Gateway plugin exposes hundreds of thousands of ecommerce websites to potential attacks. Tracked as CVE-2023-34000, the issue is an unauthenticated insecure direct object reference (IDOR) bug that allows unauthorized access to user-provided information during the ordering process. The flaw arises from inadequate access control in the ‘javascript_params’ and ‘payment_fields’ functions. The vulnerability has been resolved in the latest version of the plugin, but its widespread use (over 900,000 active installations) poses a significant risk to affected websites that haven’t updated to the patched version.