The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-18T06:46:50.887Z
Updated: 2025-02-05T19:35:37.350Z
Reserved: 2023-08-01T12:06:54.305Z
Link: CVE-2023-4040

No data.

Status : Modified
Published: 2023-08-18T07:15:09.117
Modified: 2024-11-21T08:34:16.770
Link: CVE-2023-4040

No data.