What the vulnerability does
01Description
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Explanation of Vulnerability in Simple Terms
WP Full Stripe Free versions up to 8.4.1 contain an authentication bypass that allows logged-in users with low privileges to read sensitive payment and customer data. The vulnerability does not require user interaction and affects confidentiality of stored information. Site administrators should update to a version newer than 8.4.1 when available.
What an attacker can do
Read sensitive payment and customer data without proper authorization checks.
Potential impact on your site
Customer payment records and personal data may be exposed to low-privilege users or compromised accounts.
Conditions required to exploit
Attacker must have a low-privilege account (e.g., subscriber or contributor role) on the WordPress site.
Key dates
External resources
Related vulnerabilities