Start your day with intelligence. Get The OODA Daily Pulse.

Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability

The WooCommerce Stripe Payment Gateway plugin has a critical flaw that could expose hundreds of thousands of online stores. Called CVE-2023-34000, the vulnerability is an unauthenticated insecure direct object reference (IDOR) bug that could lead to information leaks. The bug allows attackers to view all information input during the online purchase process including personal, financial, and location data.

The flaw is attributed to the ‘javascript_params’ and ‘payment_fields’ functions which lack proper data security protocols. Patchstack, a WordPress security company, explained that attackers can exploit the lack of order ownership authentication to view personal information. The bug was patched on May 30 under WooCommerce Stripe Gateway version 7.4.1. A large percentage of the over 900,000 plugin installations could remain vulnerable to attacks if they remain outdated.

Read More:

https://www.securityweek.com/hundreds-of-thousands-of-ecommerce-sites-impacted-by-critical-plugin-vulnerability/