Lucene search
+L

4 matches found

NVD
NVD
added 2021/10/04 6:15 p.m.15 views

CVE-2021-39347

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...

4.3CVSS0.00648EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/10/04 5:21 p.m.8 views

CVE-2021-39347 Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...

4.3CVSS4.5AI score0.00648EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/04 5:21 p.m.17 views

CVE-2021-39347 Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...

4.3CVSS4.8AI score0.00648EPSS
Exploits0References2
CVE
CVE
added 2021/10/04 5:21 p.m.46 views

CVE-2021-39347

CVE-2021-39347 affects the WordPress Stripe for WooCommerce plugin (versions 3.0.0–3.3.9). The issue is a missing capability check in the save() function of includes/admin/class-wc-stripe-admin-user-edit.php, enabling an attacker to configure a user’s account to use another user’s Stripe identifi...

4.3CVSS4.5AI score0.00648EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder