{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T22:57:27.971","vulnerabilities":[{"cve":{"id":"CVE-2023-3162","sourceIdentifier":"security@wordfence.com","published":"2023-08-31T06:15:09.737","lastModified":"2026-04-08T18:18:08.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers."},{"lang":"es","value":"El plugin Stripe Payment Plugin for WooCommerce para WordPress es vulnerable a omisión de autenticación en versiones hasta la 3.7.7, inclusive. Esto se debe a una verificación insuficiente del usuario proporcionado durante un proceso de pago de Stripe a través del plugin. Esto permite a atacantes no autenticados iniciar sesión como usuarios que tienen pedidos, quienes son típicamente clientes."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webtoffee:stripe_payment_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"3.7.7","matchCriteriaId":"D869C0F7-157C-4275-9389-713838B658A1"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}