A critical vulnerability in the WooCommerce Stripe Payment Gateway plugin exposes hundreds of thousands of ecommerce websites to potential attacks. Tracked as CVE-2023-34000, the issue is an unauthenticated insecure direct object reference (IDOR) bug that allows unauthorized access to user-provided information during the ordering process. The flaw arises from inadequate access control in the ‘javascript_params’ and ‘payment_fields’ functions. The vulnerability has been resolved in the latest version of the plugin, but because the plugin is so widely used (over 900,000 active installations), sites that haven’t updated to the patched version remain at significant risk.
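The bug class described above, shown as an added example that is not the plugin's code: a simplified Python model of an order lookup without an access check, next to a version that requires the caller to own the order or present its per-order key. The `Order` type, the sample orders, the keys and the function names are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Order:
    order_id: int
    customer_id: Optional[int]  # None models a guest checkout
    order_key: str              # unguessable per-order secret (assumed)
    billing: dict

# Constructed sample data, not taken from any real site.
ORDERS = {
    1001: Order(1001, 7, "key_a1f39c",
                {"name": "Alice Example", "email": "alice@example.test"}),
    1002: Order(1002, None, "key_77b2e0",
                {"name": "Bob Example", "email": "bob@example.test"}),
}

def payment_fields_vulnerable(order_id):
    """IDOR: trusts the caller-supplied id and returns that order's data."""
    order = ORDERS.get(order_id)
    return dict(order.billing) if order else None

def caller_may_view(order, user_id, order_key):
    """Allow the logged-in owner, or anyone who presents the order's key."""
    if user_id is not None and order.customer_id == user_id:
        return True
    if order_key is not None and hmac.compare_digest(
            order_key.encode(), order.order_key.encode()):
        return True
    return False

def payment_fields_hardened(order_id, user_id=None, order_key=None):
    """Returns billing data only after the access check passes."""
    order = ORDERS.get(order_id)
    # Missing and forbidden orders get the same answer, so the response
    # cannot be used to learn which order ids exist.
    if order is None or not caller_may_view(order, user_id, order_key):
        return None
    return dict(order.billing)

if __name__ == "__main__":
    print("vulnerable, anonymous:", payment_fields_vulnerable(1001))
    print("hardened, anonymous:  ", payment_fields_hardened(1001))
    print("hardened, owner:      ", payment_fields_hardened(1001, user_id=7))
```
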
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.