Vulnerability Details CVE-2024-0431
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 21.2%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-0431
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:-
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20170427
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20170502
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20170508
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20170602
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20170920
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20171125
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180108
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180412
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180426
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180516
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180606
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180809
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20180927
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20181129
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20190320
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20190411
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20190515
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20190701
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20190909
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20191012
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20191022
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20200719
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20200811
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20201018
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20201212
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20210129
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20210713
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20211031
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20220228
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20220722
- cpe:2.3:a:fabrick:gestpay_for_woocommerce:20221130