# Vulnerability Summary

## Overview

This vulnerability involves missing authentication and nonce checks in the Stripe webhook AJAX handler. An attacker may forge requests to bypass authentication and perform unauthorized actions.

## Impact Scope

- Affects Stripe webhook management features, including create, delete, and rebuild operations.
- The impact is limited to WordPress plugins that use Stripe webhooks.

## Remediation Plan

1. **Add Shared Authorization Check**: Implement a shared authorization check in the Stripe webhook AJAX handler.
2. **Require Existing Permissions**: Before performing create, delete, or rebuild operations, require existing PMPro payment settings permissions or manage options capability.
3. **Add and Send Nonce**: Add and send a nonce for Stripe webhook management AJAX requests.

### Modified Files

- `js/pmpro-admin.js`: Sends nonce with Stripe webhook create/delete/rebuild AJAX requests.
- `includes/scripts.php`: Localizes the Stripe webhook nonce into the `pmpro` JS object for use on admin pages.
- `classes/gateways/class.pmprogateway_stripe.php`: Adds centralized capability + nonce validation, and enforces it in the webhook AJAX handler.

### Code Examples

```javascript
// js/pmpro-admin.js
// Sends nonce with Stripe webhook create/delete/rebuild AJAX requests
```

```php
// includes/scripts.php
// Localizes the Stripe webhook nonce into the `pmpro` JS object for use on admin pages
```

```php
// classes/gateways/class.pmprogateway_stripe.php
// Adds centralized capability + nonce validation, and enforces it in the webhook AJAX handler
```
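
The three remediation steps can be pictured as one shared gate that every webhook-management action calls first. The sketch below is an added example, not code from the plugin or its patch. It assumes it runs inside WordPress; the action names, nonce action, script handle and JS object name are hypothetical, and `pmpro_paymentsettings` is assumed to be the PMPro payment settings capability.

```php
<?php
// Added illustration with hypothetical names; not the plugin's own code.
// Assumes a WordPress context (requests arrive via wp-admin/admin-ajax.php).

const EXAMPLE_WEBHOOK_NONCE_ACTION = 'example_stripe_webhook_nonce'; // hypothetical

/**
 * Shared gate for every webhook-management AJAX action.
 * Sends a JSON error and ends the request unless the caller holds the
 * required capability and presented a valid nonce.
 */
function example_stripe_webhook_authorize() {
	// 1. Authorization: payment settings capability or manage_options.
	//    'pmpro_paymentsettings' is an assumed capability name.
	if ( ! current_user_can( 'pmpro_paymentsettings' ) && ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 2. Request intent: third argument false so the failure path returns
	//    a JSON 403 instead of the default wp_die( -1 ).
	if ( ! check_ajax_referer( EXAMPLE_WEBHOOK_NONCE_ACTION, 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
	}
}

// One handler per operation; each calls the gate before doing any work.
foreach ( array( 'create', 'delete', 'rebuild' ) as $op ) {
	// Only wp_ajax_ is hooked. Without a wp_ajax_nopriv_ hook, logged-out
	// requests never reach the handler at all.
	add_action( "wp_ajax_example_stripe_{$op}_webhook", function () use ( $op ) {
		example_stripe_webhook_authorize();
		// The Stripe webhook operation itself would run here (out of scope).
		wp_send_json_success( array( 'operation' => $op ) );
	} );
}

// Expose the nonce to admin-page JavaScript so each AJAX request can send it
// back in the 'nonce' field. 'example-admin' must already be a registered handle.
add_action( 'admin_enqueue_scripts', function () {
	wp_localize_script( 'example-admin', 'exampleStripe', array(
		'webhookNonce' => wp_create_nonce( EXAMPLE_WEBHOOK_NONCE_ACTION ),
	) );
} );
```

The capability check is what authorizes the caller; the nonce only ties the request to a page that user actually loaded, so both checks are needed and neither replaces the other.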