Card testing vulnerability patched in WooPayments. A card testing vulnerability in the SetupIntent flow for WooPayments was detected and patched. Server-side rate limiting, keyed to individual Stripe customer IDs, blocked thousands of fraudulent attempts within 10 days of deployment. This protection is server-side; no plugin update is required. All WooPayments merchants are automatically protected.
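The per-customer rate limiting described above, sketched as an added example. This is not WooPayments' code: the limit of 5 attempts per 600 seconds, the class and function names, and the customer IDs are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class PerCustomerLimiter:
    """Sliding window: at most `limit` SetupIntent attempts per customer ID
    in any `window` seconds. Limit and window are assumed values."""

    def __init__(self, limit=5, window=600):
        self.limit = limit
        self.window = window
        self._attempts = defaultdict(deque)  # customer ID -> accepted timestamps

    def allow(self, customer_id, now):
        q = self._attempts[customer_id]
        # Drop attempts that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over the limit: reject this attempt
        q.append(now)
        return True


def replay(events, limit=5, window=600):
    """Run (timestamp, customer_id) events through the limiter and
    return {customer_id: {"allowed": n, "blocked": m}}."""
    limiter = PerCustomerLimiter(limit, window)
    counts = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for ts, customer_id in sorted(events):
        outcome = "allowed" if limiter.allow(customer_id, ts) else "blocked"
        counts[customer_id][outcome] += 1
    return dict(counts)


# Constructed sample: one customer ID submitting an attempt every 2 s,
# and one ordinary customer adding a card three times over 10 minutes.
SAMPLE_EVENTS = (
    [(t, "cus_TEST_burst") for t in range(0, 80, 2)]
    + [(0, "cus_TEST_normal"), (300, "cus_TEST_normal"), (610, "cus_TEST_normal")]
)

if __name__ == "__main__":
    for customer, c in replay(SAMPLE_EVENTS).items():
        print(customer, c)
```

Because the counter is keyed to the customer ID, the burst is cut off after its fifth attempt while the ordinary customer is never affected.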
Cache poisoning vulnerability resolved. A security researcher also reported a vulnerability in which checkout appearance settings could be manipulated via cache poisoning. WooPayments resolved this by moving appearance computation entirely to the client side, eliminating the attack surface.
Stripe subscription payment method fix. The Stripe for WooCommerce extension now verifies that the logged-in customer owns a subscription before allowing a change to a payment method. This closes a vulnerability that allowed an authenticated user to update another customer’s payment method on their subscription.
No action required — these security improvements are automatic on your store.