Top WordPress ecommerce plugin has a major security flaw, so patch now

Critical update issued for Stripe WordPress plugin

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

WordPressusers who have installed the WooCommerce Stripe Gateway Plugin are being urged to update to at least version 7.4.1 following the news of a major vulnerability potentially exposing users’ PII data.

The vulnerability, assigned CVE-2023-34000, relates to the free version of the WooCommerce Stripe Gateway plugin, specifically versions 7.4.0 and below. The popularecommerceplugin has amassed more than 900,000 active installations, making the severity of the bug particularly alarming.

Because the plugin allows customers to process payments on their chosen business’s own WordPress page, rather than being diverted to an externally hosted page, the Stripe plugin has proven particularly popular.

Update Stripe WordPress plugin now

The cause for concern for CVE-2023-34000 is that any unauthenticated user has been able to access the PII data from any WooCommerce order, including email addresses, names, and full addresses.

These are the best identity theft protection services around>This old WordPress plugin is being used to hack compromised websites>WordPress force installs update on 5 million sites following security worry

Credited with first finding the vulnerability, WordPress security service providerPatchstacknotified the plugin vendor way back on April 17, but it wasn’t until just over six weeks later that version 7.4.1 was released to patch the issue.

The changelog for version 7.4.1 includes two entries: “Add Order Key Validation,” and “Add sanitization and escaping some outputs.”

Despite the security scare, the payment plugin remains a staple for many ecommerce businesses who choose WordPress, for its ability to process Visa, MasterCard, and American Express payments - including viaApplePay - via Stripe’s API.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

WhenTechRadar Proasked WooCommerce for a comment, we were directed to apostby Engineering Director Matt Bumgardner.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Filming with an iPhone? A smart, AI-powered gimbal from Hohem can help