What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation.
This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7.
Explanation of Vulnerability in Simple Terms
02Summary
The Stripe Payment Gateway for WooCommerce plugin through version 5.0.7 contains an authentication weakness that allows unauthenticated attackers to modify payment data or disrupt transactions. The vulnerability requires only network access and no user interaction. Site owners should update immediately to prevent unauthorized payment manipulation.
What an attacker can do
03Attacker Capabilities
Modify payment transaction data or disrupt payment processing without authentication.
Potential impact on your site
04Site Impact
Attackers can tamper with Stripe payments or cause transaction failures on your WooCommerce store.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 25, 2026
CVE published
May 26, 2026
Record updated