CVE-2023-3162

{"id": "CVE-2023-3162", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-31T06:15:09.737", "references": [{"url": "https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers."}, {"lang": "es", "value": "El plugin Stripe Payment Plugin for WooCommerce para WordPress es vulnerable a omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 3.7.7, inclusive. Esto se debe a una verificaci\u00f3n insuficiente del usuario proporcionado durante un proceso de pago de Stripe a trav\u00e9s del plugin. Esto permite a atacantes no autenticados iniciar sesi\u00f3n como usuarios que tienen pedidos, quienes son t\u00edpicamente clientes."}], "lastModified": "2026-04-08T18:18:08.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webtoffee:stripe_payment_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D869C0F7-157C-4275-9389-713838B658A1", "versionEndIncluding": "3.7.7"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}