I saw woocomerce announced a stripe security vulnerability fix today. Is the gravity forms stripe plugin secure?
Hello. Do you have a link to the WooCommerce announcement? I’ll pass that along to the appropriate team.
We’re reaching out to let you know that a security vulnerability was discovered in the Stripe extension for WooCommerce, and a patch has been deployed to address it. This applies to all versions of the extension after 5.5.0. This vulnerability could have permitted unauthorized users to access information about recent transactions, or possibly allowed for the creation of falsified shop transactions.
No evidence of an external breach has been detected . As soon as we discovered this vulnerability, we immediately developed and deployed a patch.
What do I need to do?
If your store is hosted on WordPress.com, the extension is in the process of being updatedor has already been updated to remove the vulnerability.
If your store is not hosted on WordPress.com, we strongly recommend that you ensure you’re using the latest, secure version of the Stripe extension:
· From your site’s WordPress Admin dashboard, click the Plugins menu item and look for WooCommerce Stripe in your list of plugins.
· The version number should be displayed in the description column next to the plugin name. If your version is 7.4.1 or higher, no further action is needed.
· If your version is lower than 7.4.1, you may see a notice guiding you to update WooCommerce Stripe — please go ahead and do so.
· If you don’t see a notice, you can download the latest version from your WooCommerce.com account dashboard or from WordPress.org.
Has my data been compromised?
At this time, we have no evidence that this vulnerability was exploited. We are continuing to monitor and will notify you of any new information.
We always strive for transparent and timely communication with our community. If you have any questions about this issue, please get in touch with our Happiness team.
Thank you for sharing that. I will ask the product team.
Hello. I checked with the product team and they took a look at the patch that was pushed for the WooCommerce Stripe extension. It was not a vulnerability in Stripe but in their plugin. The values were not being properly escaped or sanitized.
It does not look like the issues they fixed in their extension apply to our plugin and we’re not currently aware of any vulnerabilities in our Stripe Add-On.
If you have any other questions, please let us know.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.