The WooCommerce Stripe payment gateway plugin was discovered to have a vulnerability that allows an attacker to steal customer personally identifiable information (PII) from stores using the plugin.
Security researchers warn that attackers do not need to be authenticated to exploit the vulnerability, which received a severity rating of high, 7.5 on a scale of 1 – 10.
WooCommerce Stripe Payment Gateway Plugin
The Stripe payment gateway plugin, developed by WooCommerce, Automattic, WooThemes and other contributors, is installed in over 900,000 websites.
It offers an easy way for customers at WooCommerce stores to check out, with a number of different credit cards and without having to open an account.
A Stripe account is automatically created at checkout, providing customers with a frictionless ecommerce shopping experience.
The plugin works through an application programming interface (API).
An API is like a bridge between two pieces of software. Here it allows the WooCommerce store to interact with the Stripe software so that orders placed on the website are processed by Stripe seamlessly.
What is the Vulnerability in WooCommerce Stripe Plugin?
Security researchers at Patchstack discovered the vulnerability and responsibly disclosed it to the relevant parties.
According to security researchers at Patchstack: