Unrated severityNVD Advisory· Published Aug 18, 2023· Updated Feb 5, 2025
CVE-2023-4040
CVE-2023-4040
Description
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.
Affected products
2<=3.7.9+ 1 more
- (no CPE)range: <=3.7.9
- (no CPE)range: 3.7.9
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.