Critical Security Flaw Found in WooCommerce Stripe Gateway Plugin
June 14, 2023
A critical security vulnerability has been discovered in the WooCommerce Stripe Gateway WordPress plugin, potentially leading to unauthorized disclosure of sensitive data. The security flaw, identified as CVE-2023-34000, affects plugin versions 7.4.0 and below. The issue was resolved by the plugin's maintainers with the release of version 7.4.1 on May 30, 2023. WooCommerce Stripe Gateway is a popular plugin, with over 900,000 active installations, enabling e-commerce websites to accept various payment methods via Stripe's payment processing API.
This discovery comes shortly after the WordPress core team released versions 6.2.1 and 6.2.2 to address five security issues, including an unauthenticated directory traversal vulnerability and an unauthenticated cross-site scripting flaw. Three of these vulnerabilities were found during a third-party security audit.
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.
By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.
Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.