The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset/2954934/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve - Third Party Advisory | |
Summary |
|
07 Nov 2023, 04:22
Type | Values Removed | Values Added |
---|---|---|
CWE |
23 Aug 2023, 16:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Webtoffee
Webtoffee stripe Payment Plugin For Woocommerce |
|
CPE | cpe:2.3:a:webtoffee:stripe_payment_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/changeset/2954934/ - Patch |
18 Aug 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-18 07:15
Updated : 2024-11-21 08:34
NVD link : CVE-2023-4040
Mitre link : CVE-2023-4040
CVE.ORG link : CVE-2023-4040
JSON object : View
Products Affected
webtoffee
- stripe_payment_plugin_for_woocommerce
CWE
No CWE.