Critical flaw found in WooCommerce Stripe Gateway Plugin

This security flaw caught my eye this morning.

It appears this has been fixed in the latest version of the plugin but the latest version of the plugin is not compatible with ClassicPress.

Anyone have any advice on how to keep ClassicPress sites using this plugin secure?

Thanks for bringing this to our attention. The best option is to apply the patch manually:

Thank you. This is very helpful.

1 Like

I’m using webtoffee stripe, do I need to do this manual patch ?

Also, just noticed I am running Version 3.6.8 and the latest version is 3.7.8
But there is no update button.

Thank you

This specific issue affected the Stripe gateway plugin created by WooCommerce. It does not affect Webtoffee’s plugin.

You may not see an update for the plugin because the latest version of Webtoffee’s plugin requires WordPress 5.6, and ClassicPress is currently based on 4.9. So the update is disabled to prevent users from breaking their websites.

We are currently working on ClassicPress v2.0, which is based on WordPress 6.2. When v2.0 is out, you can test Webtoffee’s plugin. You should be able to update then. Remember, we can’t guarantee it will work, so it’s best to test it on a staging website if possible to see if it works.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.