WordPress users who’ve installed the WooCommerce Stripe Gateway plugin are being urged to update to at least version 7.4.1 following the news of a serious vulnerability potentially exposing customers’ PII data.
The vulnerability, assigned CVE-2023-34000, affects the free version of the WooCommerce Stripe Gateway plugin, specifically versions 7.4.0 and below. The popular ecommerce plugin has amassed more than 900,000 active installations, making the severity of the bug particularly alarming.
Because the plugin allows customers to process payments on their chosen business’s own WordPress page, rather than being diverted to an externally hosted page, the Stripe plugin has proven particularly popular.
Update Stripe WordPress plugin now
The cause for concern with CVE-2023-34000 is that any unauthenticated user has been able to access the PII data from any WooCommerce order, including email addresses, names, and full addresses.
Credited with first discovering the vulnerability, WordPress security service provider Patchstack notified the plugin vendor way back on April 17, but it wasn’t until just over six weeks later that version 7.4.1 was released to patch the issue.
The changelog for version 7.4.1 includes two entries: “Add Order Key Validation,” and “Add sanitization and escaping some outputs.”
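The plugin's source is not shown here, so the following is an added illustration and not code from the plugin or from WooCommerce: a minimal PHP model of an order lookup that trusts the order ID alone, next to one that also performs the kind of order key check the first changelog entry names. The `$orders` array, the function names and the key values are constructed for this example, and the pattern is an assumption about the class of bug, not the confirmed plugin logic.

```php
<?php
// Constructed sample data: a toy order store, not WooCommerce's real schema.
$orders = [
    1001 => [
        'order_key' => 'wc_order_constructedKeyA1',
        'billing'   => ['name' => 'Alice Example', 'email' => 'alice@example.test'],
    ],
    1002 => [
        'order_key' => 'wc_order_constructedKeyB2',
        'billing'   => ['name' => 'Bob Example', 'email' => 'bob@example.test'],
    ],
];

// Unchecked form: the order is resolved from its ID alone, so any caller
// who supplies an ID receives that order's billing details.
function get_billing_unchecked(array $orders, int $order_id): ?array
{
    return $orders[$order_id]['billing'] ?? null;
}

// Checked form: the caller must also present the secret key bound to
// that specific order before any billing data is returned.
function get_billing_checked(array $orders, int $order_id, string $order_key): ?array
{
    $order = $orders[$order_id] ?? null;
    if ($order === null || $order_key === '') {
        return null; // unknown order or missing key: return nothing
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    if (!hash_equals($order['order_key'], $order_key)) {
        return null;
    }
    return $order['billing'];
}

// Case 1: ID only, no key required by the unchecked lookup.
var_dump(get_billing_unchecked($orders, 1002));
// Case 2: a valid key for order 1001 presented against order 1002.
var_dump(get_billing_checked($orders, 1002, 'wc_order_constructedKeyA1'));
// Case 3: the key that belongs to order 1002.
var_dump(get_billing_checked($orders, 1002, 'wc_order_constructedKeyB2'));
```

The second case is the one that matters when reviewing similar code: the key has to be checked against the order being requested, not merely be a key that exists somewhere in the store.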
Despite the security scare, the payment plugin remains a staple for many ecommerce businesses who choose WordPress, for its ability to process Visa, MasterCard, and American Express payments – including via Apple Pay – through Stripe’s API.
WooCommerce did not immediately respond to TechRadar Pro’s request for comment on the vulnerability, which took several weeks to fix.