Vulnerabilities and security researches forpayment-gateway-stripe-and-woocommerce-integration

CVE, Research URL: 98c972d5ab38683d48c7d3a7795bbf3384c73f09
Home page URL: Security reports for Stripe Payment Plugin for WooCommerce
Application: Stripe Payment Plugin for WooCommerce
Date: Jun 07, 2021
Research Description: Stripe Payment Plugin for WooCommerce [payment-gateway-stripe-and-woocommerce-integration] < 3.6.0 WordPress Stripe Payment Gateway for WooCommerce plugin <= 3.5.9 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Stripe Payment Gateway for WooCommerce plugin (versions <= 3.5.9).
Affected versions: max 3.6.0.
Status: vulnerable

CVE, Research URL: CVE-2023-3162
Home page URL: Security reports for Stripe Payment Plugin for WooCommerce
Application: Stripe Payment Plugin for WooCommerce
Date: Aug 31, 2023
Research Description: The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.
Affected versions: max 3.6.0.
Status: vulnerable

CVE, Research URL: CVE-2023-4040
Home page URL: Security reports for Stripe Payment Plugin for WooCommerce
Application: Stripe Payment Plugin for WooCommerce
Date: Aug 18, 2023
Research Description: The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.
Affected versions: max 3.8.0.
Status: vulnerable

CVE, Research URL: CVE-2024-0705
Home page URL: Security reports for Stripe Payment Plugin for WooCommerce
Application: Stripe Payment Plugin for WooCommerce
Date: Jan 19, 2024
Research Description: The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 3.8.0.
Status: vulnerable

Vulnerabilities and security researches forpayment-gateway-stripe-and-woocommerce-integration payment-gateway-stripe-and-woocommerce-integration