CVE-2026-45217 MEDIUM

CVE-2026-45217: WordPress Stripe Payment Gateway for WooCommerce plugin <= 5.0.7 - Broken Authentication vulnerability

Vendor Themehigh
Product Stripe Payment Gateway for WooCommerce
Weakness CWE-288
Published May 25, 2026
Last update May 26, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7.

Explanation of Vulnerability in Simple Terms

02Summary

The Stripe Payment Gateway for WooCommerce plugin through version 5.0.7 contains an authentication weakness that allows unauthenticated attackers to modify payment data or disrupt transactions. The vulnerability requires only network access and no user interaction. Site owners should update immediately to prevent unauthorized payment manipulation.

What an attacker can do

03Attacker Capabilities

Modify payment transaction data or disrupt payment processing without authentication.

Potential impact on your site

04Site Impact

Attackers can tamper with Stripe payments or cause transaction failures on your WooCommerce store.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

May 25, 2026 CVE published
May 26, 2026 Record updated

Related vulnerabilities

08Related CVE