CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44999 – WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-44999
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.6.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 7.6.1 (exclusive). This is due to missing or incorrect nonce validation on the maybe_handle_redirect function. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35049 – WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35049
Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.4.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.4.0. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-payment-gateway-plugin-7-4-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •