Home Latest Cyber Security News | Network Security Hacking Stripe Payment Gateway Plugin Patched Serious IDOR Flaw
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Stripe Payment Gateway Plugin Patched Serious IDOR Flaw

by Abeerah Hashim
written by Abeerah Hashim
LayerSlider WordPress plugin had an SQL injection vulnerability

A critical security flaw in the WooCommerce plugin Stripe Payment Gateway risked users’ safety. Exploiting the vulnerability could allow an attacker to pilfer the payments directly from the platform and steal other sensitive information. The developers patched the bug and released the security fix with the subsequent plugin version, urging users to update.

Stripe Payment Gateway IDOR Flaw

According to a recent post from Patchstack, a severe security flaw existed in the Stripe Payment Gateway plugin, risking numerous online stores.

Stripe Payment Gateway is a popular WooCommerce plugin empowering online stores to manage payments directly from Stripe API. The plugin currently boasts over 900,000 active installs. That means any vulnerabilities in this plugin if exploited, could directly impact thousands of online stores globally.

Patchstack reported that the plugin API exhibited an Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability. The flaw typically existed due to the lack of proper control access on the javascript_params and payment_fields functions. Exploiting this vulnerability could let an unauthenticated attacker view and access any target users’ names, email addresses, complete addresses, and sensitive financial information.

This vulnerability affected all Stripe Payment Gateway versions before and including 7.4.0. Upon discovering the flaw, Patchstack reported the issue to the plugin developers in April 2023. Then, within a few days, the plugin team released the bug fix with the plugin version 7.4.1 on May 30, 2023.

After waiting for a couple of weeks for the latest plugin release to roll out, Patchstack has now published the details about their findings following the responsible vulnerability disclosure.

Now that the patch has been released, all WordPress admins running Stripe Payment Gateway plugin on their sites must update their stores with the latest plugin release as soon as possible. Such updates are always crucial for online store managers since any security breaches affecting their customers’ data not only impact their customers but also cause a major blow to the store’s credibility and customers’ trust.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...