{"id":8623,"date":"2023-06-20T05:48:14","date_gmt":"2023-06-20T05:48:14","guid":{"rendered":"https:\/\/texnokun.uz\/?p=8623"},"modified":"2023-06-20T05:48:16","modified_gmt":"2023-06-20T05:48:16","slug":"woocommerce-stripe-gateway-wordpress-plaginidagi-muhim-zaiflik-yuz-minglab-veb-saytlarga-tahdid-soladi","status":"publish","type":"post","link":"https:\/\/texnokun.uz\/?p=8623","title":{"rendered":"WooCommerce Stripe Gateway WordPress plaginidagi muhim zaiflik yuz minglab veb-saytlarga tahdid soladi"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Mashhur WordPress WooCommerce Stripe Gateway plaginida maxfiy ma\u2019lumotlarning chiqib ketishiga olib kelishi mumkin bo\u2018lgan zaiflik aniqlandi: autentifikatsiya qilinmagan har qanday foydalanuvchi plagin orqali joylashtirilgan buyurtmalar tafsilotlarini ko\u2018rishi mumkin.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">WooCommerce Stripe Payment &#8211; bu WordPress tomonidan ishlab chiqilgan elektron tijorat saytlari uchun to&#8217;lov shlyuzidir.&nbsp;Bu veb-saytlarga Visa, MasterCard, American Express, Apple Pay va Google Pay kabi to\u02bblov usullarini Stripe to\u02bblovni qayta ishlash API orqali qabul qilish imkonini beradi.&nbsp;Hozirda plagin 900 000 dan ortiq faol o&#8217;rnatishga ega.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/patchstack.com\/articles\/unauthenticated-idor-to-pii-disclosure-vulnerability-in-woocommerce-stripe-gateway-plugin\/\">Patchstack<\/a>&nbsp;tahlilchilari&nbsp;&nbsp;plagin CVE-2023-34000, ya\u02bcni xavfsiz bo\u02bblmagan to\u02bbg\u02bbridan-to\u02bbg\u02bbri ob\u02bcyekt havolalari (IDOR) tipidagi muammoga nisbatan zaif ekanligini aniqladilar, bu esa maxfiy ma\u02bclumotlarning oshkor etilishiga olib kelishi mumkin.&nbsp;Masalan, zaiflik ruxsatsiz foydalanuvchilarga hisob-kitob sahifalaridagi ma&#8217;lumotlarni, jumladan, foydalanuvchilarning shaxsiy ma&#8217;lumotlarini, ularning elektron pochta manzillarini, etkazib berish manzillarini va to&#8217;liq ismni ko&#8217;rish imkonini beradi.Tadqiqotchilar yozganidek, muammo buyurtma ob&#8217;ektlarini xavfsiz qayta ishlash va javascript_params va payment_fields funktsiyalarida kirishni boshqarishning tegishli mexanizmining yo&#8217;qligi bilan bog&#8217;liq.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Natijada, so&#8217;rovlar ruxsatini yoki foydalanuvchi xaritasini tekshirmasdan, har qanday buyurtmalar tafsilotlarini ko&#8217;rsatish uchun ushbu funktsiyalar suiiste&#8217;mol qilinishi mumkin.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/texnokun.uz\/wp-content\/uploads\/2023\/06\/paymentfields-action.jpg\" alt=\"\" class=\"wp-image-8624\" width=\"368\" height=\"449\" srcset=\"https:\/\/texnokun.uz\/wp-content\/uploads\/2023\/06\/paymentfields-action.jpg 764w, https:\/\/texnokun.uz\/wp-content\/uploads\/2023\/06\/paymentfields-action-246x300.jpg 246w\" sizes=\"auto, (max-width: 368px) 100vw, 368px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Xabar qilinishicha, zaiflik WooCommerce Stripe Gateway\u2019ning 7.4.1 dan past bo\u2018lgan barcha versiyalariga ta\u2019sir qiladi, foydalanuvchilarga yangilash tavsiya etiladi.&nbsp;Qayta ko\u02bbrib chiqilgan 7.4.1 versiyasi 2023-yil 30-mayda chiqarilgan.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mashhur WordPress WooCommerce Stripe Gateway plaginida maxfiy ma\u2019lumotlarning chiqib ketishiga olib kelishi mumkin bo\u2018lgan zaiflik aniqlandi<\/p>\n","protected":false},"author":17,"featured_media":8624,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[23],"tags":[8],"class_list":["post-8623","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-kiberxavfsizlik"],"_links":{"self":[{"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/posts\/8623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/texnokun.uz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8623"}],"version-history":[{"count":2,"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/posts\/8623\/revisions"}],"predecessor-version":[{"id":8680,"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/posts\/8623\/revisions\/8680"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/texnokun.uz\/index.php?rest_route=\/wp\/v2\/media\/8624"}],"wp:attachment":[{"href":"https:\/\/texnokun.uz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/texnokun.uz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/texnokun.uz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}