CVE-2024-1719
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-1719 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Easy PayPal & Stripe Buy Now Button plugin for WordPress in versions up to 1.8.3, and the Contact Form 7 – PayPal & Stripe Add-on in versions up to 2.1. The issue arises from inadequate nonce validation on the 'wpecpp_stripe_connect_completion' function. This allows unauthenticated attackers to manipulate the plugins' settings and alter the Stripe connection, potentially putting sensitive payment information at risk. Attackers can exploit this vulnerability by tricking a site administrator into executing a malicious request, such as clicking on a specially crafted link.
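The hardened shape for a settings-changing admin handler of the kind described above, as an added example: this is hypothetical WordPress plugin code, not the source of either affected plugin or of its patch. The `example_` names, the `account_id` parameter and the option key are assumptions for illustration; the WordPress functions called are core APIs.

```php
<?php
// Added example: hypothetical plugin code, not taken from either affected plugin.
// Every "example_" name, the account_id parameter and the option key are assumptions.

const EXAMPLE_ACTION = 'example_stripe_connect_completion';

// Build the link the administrator follows. wp_nonce_url() appends a nonce
// that is bound to this action and to the logged-in user's session.
function example_completion_url() {
    $url = add_query_arg( 'example_action', EXAMPLE_ACTION, admin_url( 'admin.php' ) );
    return wp_nonce_url( $url, EXAMPLE_ACTION, 'example_nonce' );
}

// Handler for the state-changing request.
function example_connect_completion() {
    if ( ! isset( $_GET['example_action'] ) || EXAMPLE_ACTION !== $_GET['example_action'] ) {
        return; // Not a request for this handler.
    }

    // 1. Authorization: only users allowed to manage site settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: the nonce must be present AND valid. A check that is skipped
    //    when the parameter is absent leaves the handler forgeable.
    $nonce = isset( $_GET['example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_GET['example_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_ACTION ) ) {
        wp_die( 'Invalid or missing nonce.', '', array( 'response' => 403 ) );
    }

    // 3. Only after both checks pass are stored settings changed.
    $account = isset( $_GET['account_id'] )
        ? sanitize_text_field( wp_unslash( $_GET['account_id'] ) )
        : '';
    $settings                      = (array) get_option( 'example_settings', array() );
    $settings['stripe_account_id'] = $account;
    update_option( 'example_settings', $settings );

    wp_safe_redirect( admin_url( 'admin.php?page=example-settings' ) );
    exit;
}
add_action( 'admin_init', 'example_connect_completion' );
```

When auditing a plugin for this class of issue, confirm that every code path reaching `update_option()` passes through both the capability check and an unconditional nonce check.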