WordPress users who have installed the WooCommerce Stripe Gateway Plugin are being urged to update to at least version 7.4.1 following the news of a major vulnerability potentially exposing users’ PII data.
The vulnerability, assigned CVE-2023-34000, relates to the free version of the WooCommerce Stripe Gateway plugin, specifically versions 7.4.0 and below. The popular ecommerce plugin has amassed more than 900,000 active installations, making the severity of the bug particularly alarming.
Because the plugin allows customers to process payments on their chosen business’s own WordPress page, rather than being diverted to an externally hosted page, the Stripe plugin has proven particularly popular.
Update Stripe WordPress plugin now
The cause for concern for CVE-2023-34000 is that any unauthenticated user has been able to access the PII data from any WooCommerce order, including email addresses, names, and full addresses.
Credited with first finding the vulnerability, WordPress security service provider Patchstack notified the plugin vendor way back on April 17, but it wasn’t until just over six weeks later that version 7.4.1 was released to patch the issue.
The changelog for version 7.4.1 includes two entries: “Add Order Key Validation,” and “Add sanitization and escaping some outputs.”
Despite the security scare, the payment plugin remains a staple for many ecommerce businesses who choose WordPress, for its ability to process Visa, MasterCard, and American Express payments – including via Apple Pay – via Stripe’s API.
WooCommerce did not immediately respond to TechRadar Pro’s request for comment on the vulnerability which took several weeks to fix.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba