The Hacker News reports that exploitation of a critical security vulnerability in the WooCommerce Stripe Gateway plugin, which is used to permit various payment methods in WordPress-based e-commerce sites, could prompt sensitive data exposure. The plugin’s unauthenticated insecure direct object references flaw, tracked as CVE-2023-34000, was caused by inadequate access control mechanism in its “payment_fields”

Source: SC Magazine