A vulnerability marked as critical has been reported in WooCommerce Stripe Payment Gateway Plugin up to 10.7.0 on WordPress. This affects the function ajax_pay_for_order of the component AJAX Endpoint . This manipulation causes missing authorization. This vulnerability appears as CVE-2026-2381 . The attack may be initiated remotely. There is no available exploit.