CVE-2023-35049: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WooCommerce Stripe Payment Gateway plugin versions 7.4.0 and below. The vulnerability was reported by security researcher Rafie Muhammad and was disclosed on June 13, 2023. This security issue affects WordPress websites using the WooCommerce Stripe Payment Gateway plugin (Patchstack).

The vulnerability is classified as a Broken Access Control issue, which stems from missing authorization, authentication, or nonce token checks in certain functions. This security flaw could potentially allow unprivileged users to execute higher privileged actions. The vulnerability has been assigned a CVSS score of 7.5, indicating a moderate to high severity level (Patchstack).

The vulnerability is classified as having a low severity impact, though it involves broken access control which could potentially allow unauthorized users to perform actions they shouldn't have access to. The specific impact varies case by case, but generally involves privilege escalation concerns (Patchstack).

The vulnerability has been patched in version 7.4.1 of the WooCommerce Stripe Payment Gateway plugin. Users are advised to update to version 7.4.1 or later to remediate the security issue. The fix was released shortly after the vulnerability was reported (Patchstack).