Otter Blocks WordPress Plugin Purchase Verification Bypass Vulnerability

Vulnerability

A vulnerability exists in the Otter Blocks plugin for WordPress, affecting all versions up to and including 3.1.4. The issue arises from the 'get_customer_data' method, which depends on an unsigned 'o_stripe_data' cookie to verify Stripe product ownership for unauthenticated users. The 'check_purchase' method accepts this cookie information without conducting server-side validation against the Stripe API for one-time 'payment' mode transactions. As a result, unauthenticated attackers can manipulate the 'o_stripe_data' cookie to bypass content restrictions tied to Stripe purchases, using product IDs that are publicly available in the checkout block's HTML.

Impact

Exploitation of this vulnerability allows unauthenticated users to bypass purchase verification checks, potentially leading to unauthorized access to content or features that require a valid Stripe purchase.

Remediation

Users are advised to update the Otter Blocks plugin to version 3.1.5 or a later patched version.
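
The weakness described above is a client-supplied cookie being trusted as proof of purchase. The following is an added example, not code from Otter Blocks or from the 3.1.5 patch, showing one general hardening pattern: an HMAC-sealed cookie that the server rejects when the tag is missing or does not match. The cookie layout, function names, key and product IDs are assumptions constructed for illustration, and the pattern assumes the server seals the cookie only after it has confirmed the payment with Stripe.

```php
<?php
// Added illustration, not Otter Blocks code. The cookie layout, function
// names and key below are assumptions made for this example.
const DEMO_KEY = 'constructed-demo-key'; // constructed; keep real keys server-side

// Serialize purchase data and append an HMAC-SHA256 tag.
function seal_purchase_cookie(array $data, string $key): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the decoded data only when the tag verifies, otherwise null.
function open_purchase_cookie(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null; // no tag present: treat as untrusted
    }
    [$payload, $tag] = $parts;
    // hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Hypothetical ownership check that trusts only a verified cookie.
function owns_product(?string $cookie, string $product_id, string $key): bool {
    $data = $cookie === null ? null : open_purchase_cookie($cookie, $key);
    if ($data === null || !is_array($data['products'] ?? null)) {
        return false;
    }
    return in_array($product_id, $data['products'], true);
}

// Constructed sample values: one sealed by the server, one with no tag,
// and one whose payload was changed after sealing.
$sealed = seal_purchase_cookie(['products' => ['prod_SAMPLE_A']], DEMO_KEY);
$untagged = base64_encode(json_encode(['products' => ['prod_SAMPLE_A']]));
$altered = base64_encode(json_encode(['products' => ['prod_SAMPLE_B']]))
    . '.' . explode('.', $sealed)[1];

foreach (['sealed' => $sealed, 'untagged' => $untagged, 'altered' => $altered] as $name => $c) {
    $id = $name === 'altered' ? 'prod_SAMPLE_B' : 'prod_SAMPLE_A';
    printf("%-8s => %s\n", $name, owns_product($c, $id, DEMO_KEY) ? 'accepted' : 'rejected');
}
```

Sealing the cookie is a separate control from the server-side validation against the Stripe API that the advisory identifies as missing; it only guarantees that the value was issued by the server and has not been changed since.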

Added: Apr 30, 2026, 2:21 PM
Updated: Apr 30, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.3
exploitability: 8.2
remediation: 7.7
relevance: 7.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.