Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation.
This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7.
AnalysisAI
Authentication bypass in ThemeHigh's Stripe Payment Gateway for WooCommerce (all versions through 5.0.7) allows unauthenticated remote attackers to exploit the plugin's password recovery flow to gain unauthorized access, affecting both data integrity and availability (CVSS 6.5). The flaw is classified as CWE-288 - Authentication Bypass Using an Alternate Path or Channel - meaning the plugin exposes an alternative code path that circumvents normal authentication controls. No public exploit code has been identified at time of analysis, and CISA has not added this to KEV, though SSVC flags the attack as automatable with partial technical impact.
Technical ContextAI
CWE-288 describes a class of flaws where an application implements authentication on a primary path but fails to enforce equivalent controls on an alternative path or channel - in this case, the password recovery mechanism within the WooCommerce Stripe plugin. WordPress plugins frequently implement custom account or payment-related flows that run outside core WordPress authentication, making them susceptible to logic gaps. The affected component is cpe:2.3:a:themehigh:stripe_payment_gateway_for_woocommerce:*:*:*:*:*:*:*:*, covering all tracked versions up to and including 5.0.7. The password recovery exploitation vector suggests the plugin handles account verification or token validation independently, and that verification logic can be subverted to assume a user identity without valid credentials.
RemediationAI
Update the ThemeHigh Stripe Payment Gateway for WooCommerce plugin to a version beyond 5.0.7; a patched release is referenced in the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/payment-gateway-stripe-and-woocommerce-integration/vulnerability/wordpress-stripe-payment-gateway-for-woocommerce-plugin-5-0-7-broken-authentication-vulnerability), though the exact fixed version number is not independently confirmed from the available input data - verify the latest release via the WordPress plugin repository or the ThemeHigh vendor page. If immediate patching is not feasible, consider temporarily disabling the plugin's password recovery or account management functionality at the application layer, or restricting access to the relevant WooCommerce endpoints via WAF rules targeting the plugin's recovery parameter patterns. Disabling the plugin entirely is a high-impact workaround given it handles payment processing. Site administrators should also audit recent password reset activity for anomalous patterns as a detection measure.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31769
GHSA-rpvx-ppgf-2678