WooCommerce Stripe Gateway Plugin Patches Security Vulnerability in 7.4.1

via wptavern.com

Patchstack is reporting an Insecure Direct Object References (IDOR) vulnerability in WooCommerce Stripe Gateway, the most popular WooCommerce Stripe payment plugin with more than 900,000 active users. It was discovered by Patchstack researcher Rafie Muhammad on April 17, 2023, and patched by WooCommerce on May 30, 2023, in version 7.4.1.

The security advisory describes the vulnerability as follows:

This vulnerability allows any unauthenticated user to view any WooCommerce order’s PII data including email, user’s name, and full address. The described vulnerability was fixed in version 7.4.1 with some backported fixed version and assigned CVE-2023-34000.