Unveiling the Authentication Gap in Stripe Payment Plugin for WooCommerce

A Primer on Preventing Account Takeovers

Cory Marsh
Cory Marsh has over 20 years of Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming videos on BitFire's YouTube channel.
...
payment-gateway-stripe-and-woocommerce-integration, 20,000+ sites hacked
Account Takeover Unauthenticated Exploit Code Available

One of the unspoken rules in security is that there's no such thing as "fully secure," especially when it comes to the complex and ever-evolving landscape of WordPress plugins. Today we're dissecting a glaring vulnerability in a popular plugin, Stripe Payment Plugin for WooCommerce, and how you can guard against it. This should be a wake-up call for all who rely on WordPress plugins for functionalities like payment processing—a firewall like BitFire is not just an optional add-on; it's a necessity for serious security.

View CVE Report: CVE-2023-3162

View On WordPress.org: payment-gateway-stripe-and-woocommerce-integration

View On Trac: plugins.trac.wordpress.org


Stripe Payment Plugin for WooCommerce

"With this WooCommerce Stripe plugin, you can activate Stripe checkout on your store site and let your customers pay with their credit or debit cards at the checkout. This ensures a smooth and secure payment experience for your users."

-- payment-gateway-stripe-and-woocommerce-integration
  • Accept payments via BECS, Bacs, Boleto, FPX, Grabpay, OXXO, Multibanco, Bancontact, EPS, P24, Giropay, and Affirm [New]
  • Supports Stripe checkout: Enables a safer payment experience for your customers
  • Let customers save card details for an easy checkout experience
...


BitFire's 0-day protection of CVE-2023-3162 vulnerability

The Gory Details

The vulnerability exists in versions of Stripe Payment Plugin for WooCommerce up to and including 3.7.7. Specifically, the plugin is susceptible to an authentication bypass. How? It does not adequately verify the visitor during a Stripe checkout: the order id supplied in the request is trusted, and the visitor is logged in as the customer who placed that order. This loophole allows an unauthenticated attacker to log in as any user who has processed an order through the system. For eCommerce sites, that's almost every customer and, potentially, admin accounts.

Mitigating the Risk

The issue could be partially mitigated if a site administrator has a valid order number on the system. But let's be clear: this isn't a solution. It's a band-aid on a broken leg.

Why BitFire?

In a scenario like this, a runtime application self-protection (RASP) firewall like BitFire can serve as a powerful line of defense. It not only detects but also prevents real-time attacks by analyzing the behavior of the incoming traffic, making it exceptionally effective at mitigating complex vulnerabilities like this one.

The Bottom Line

You might have the most complex password policies and the most secure hosting environment, but all of that becomes moot if a plugin you rely on has a critical vulnerability. The key takeaway here is that WordPress administrators need a proactive, robust security approach. And that should include a quality firewall like BitFire to fend off the myriad potential attack vectors, including account takeovers.
Stay vigilant. Stay secure. And remember: in the realm of cybersecurity, complacency is the enemy.

Removed Code
includes/class-stripe-checkout.php

```php
// Vulnerable code removed by the fix (behaviour kept exactly as on the page).
// The order id comes straight from the query string, and the visitor is logged
// in as that order's customer with no check that the request really comes from
// the person who placed the order.
$order_id = intval( $_GET['order_id'] );
$order    = wc_get_order( $order_id );
if ( isset( $_GET['createaccount'] ) && absint( $_GET['createaccount'] ) == 1 ) {
    $userID = ( WC()->version < '2.7.0' ) ? $order->user_id : $order->get_user_id();
    wc_set_customer_auth_cookie( $userID );
}
```
Replaced Code
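The plugin's own replacement code is not reproduced on this page. As an added example that is not the project's patch, the following shows one way the removed step could be hardened: the browser is only logged in as the order's customer when the order key matches and the order was created in the current WooCommerce session, and refused attempts are logged for detection. It assumes WordPress with WooCommerce loaded; the `bf_example_*` function names are made up for this illustration.

```php
<?php
// Added example, not the plugin's actual fix. Hardened variant of the removed
// checkout step above. Assumes WordPress with WooCommerce loaded; the
// bf_example_* names are invented here.
function bf_example_reject( $reason ) {
    // Surface refused attempts so repeated failures can be alerted on.
    error_log( sprintf(
        'checkout auto-login rejected (%s) order_id=%d ip=%s',
        $reason,
        isset( $_GET['order_id'] ) ? absint( $_GET['order_id'] ) : 0,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    return false;
}

function bf_example_maybe_login_order_customer() {
    // Never switch an already authenticated user to a different account.
    if ( is_user_logged_in() ) {
        return bf_example_reject( 'already logged in' );
    }
    $order_id = isset( $_GET['order_id'] ) ? absint( $_GET['order_id'] ) : 0;
    $order    = $order_id ? wc_get_order( $order_id ) : false;
    if ( ! $order ) {
        return bf_example_reject( 'unknown order' );
    }
    // 1. The order key is a per-order random value WooCommerce places in its
    //    own return URLs; compare it in constant time instead of trusting the id.
    $key = isset( $_GET['key'] ) ? wc_clean( wp_unslash( $_GET['key'] ) ) : '';
    if ( '' === $key || ! hash_equals( $order->get_order_key(), $key ) ) {
        return bf_example_reject( 'order key mismatch' );
    }
    // 2. The order must be the one this session is currently paying for;
    //    WooCommerce records that id under 'order_awaiting_payment'.
    $session_order = WC()->session ? absint( WC()->session->get( 'order_awaiting_payment' ) ) : 0;
    if ( $session_order !== $order_id ) {
        return bf_example_reject( 'order not created in this session' );
    }
    // 3. Only act when the customer asked for an account and one exists.
    $create  = isset( $_GET['createaccount'] ) && 1 === absint( $_GET['createaccount'] );
    $user_id = $order->get_user_id();
    if ( ! $create || ! $user_id ) {
        return false;
    }
    wc_set_customer_auth_cookie( $user_id );
    return true;
}
```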