WooCommerce Stripe Payment
WooCommerce Strip Payment is a payment gateway for WordPress e-commerce sites, with 900,000 active installs. Through Stripe’s payment processing API, it enables websites to accept payment methods like Visa, MasterCard, American Express, Apple Pay, and Google Pay.
About the Vulnerability
Origin of the Flaw
The vulnerability originated from unsafe handling of order objects and an improper access control measures in the plugin’s ‘javascript_params’ and ‘payment_fields’ functions.
Due to these coding errors, it is possible to display order data for any WooCommerce store without first confirming the request’s permissions or the order’s ownership (user matching).
Consequences of the Flaw
The payment gateway vulnerability could eventually enable unauthorized users access to the checkout page data that includes PII (personally identifiable information), email a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: