WordPress customers who’ve put in the WooCommerce Stripe Gateway Plugin are being urged to replace to not less than model 7.4.1 following the information of a significant vulnerability probably exposing customers’ PII knowledge.

The vulnerability, assigned CVE-2023-34000, pertains to the free model of the WooCommerce Stripe Gateway plugin, particularly variations 7.4.zero and beneath. The favored ecommerce plugin has amassed greater than 900,000 energetic installations, making the severity of the bug notably alarming.

As a result of the plugin permits clients to course of funds on their chosen enterprise’s personal WordPress web page, fairly than being diverted to an externally hosted web page, the Stripe plugin has confirmed notably in style.

Replace Stripe WordPress plugin now

The trigger for concern for CVE-2023-34000 is that any unauthenticated consumer has been capable of entry the PII knowledge from any WooCommerce order, together with e-mail addresses, names, and full addresses.

Credited with first discovering the vulnerability, WordPress safety service supplier Patchstack notified the plugin vendor means again on April 17, nevertheless it wasn’t till simply over six weeks later that model 7.4.1 was launched to patch the problem.

The changelog for model 7.4.1 contains two entries: “Add Order Key Validation,” and “Add sanitization and escaping some outputs.”

Regardless of the safety scare, the fee plugin stays a staple for a lot of ecommerce companies who select WordPress, for its skill to course of Visa, MasterCard, and American Specific funds – together with by way of Apple Pay – by way of Stripe’s API.

WooCommerce didn’t instantly reply to TechRadar Professional’s request for touch upon the vulnerability which took a number of weeks to repair.

• Searching for an alternate? Listed below are the most effective free web site builders