CVE-2024-0705
published 2024-01-19


Priority: P2 · 60 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 2.66% (83.8th percentile)
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
themehigh | payment_gateway_of_stripe_for_woocommerce | <= 3.7.9 |
webtoffee | stripe_payment_plugin_for_woocommerce | < 3.8.0 | 3.8.0

Detection & IOCs (extracted from sources)

sigma
Stripe Payment Plugin for WooCommerce = 6'
- 'status_code == 200'
condition: and
# digest: 490a00463044022016a8f39a483086cb723a70472fc1b9e9e03c54f04f39acf8999ef20f420f33140220077b732ba43da08f8f739ae6a0f28c58e4c298a92cc0b1b34cd8584a3bd31b42:922c64590222798bb761d5b6d8e72950
  • Monitor for SQL injection attempts via the 'id' parameter in the Stripe Payment Plugin for WooCommerce (versions up to and including 3.7.9). Look for appended SQL syntax (e.g., quotes, UNION, stacked queries) in the 'id' parameter of plugin requests.
  • Unauthenticated requests (no session/auth cookie) targeting the plugin endpoint with a manipulated 'id' parameter and receiving HTTP 200 responses should be treated as suspicious and investigated for data exfiltration.
  • The Sigma-style rule fragment in the source is incomplete: it lacks a full 'detection' block and log source definition. It should be treated as a partial indicator only and requires completion before deployment in a SIEM.
  • The vulnerability affects all plugin versions up to and including 3.7.9; ensure version-based detection or blocking is scoped correctly and does not apply to patched versions above 3.7.9.