WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card vulnerability

Cross-Site Request Forgery CSRF via ajaxunsetdefaultcard vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions = 20221130...

PT-2024-15557 · WordPress · Gestpay For Woocommerce

Name of the Vulnerable Software and Affected Versions: Gestpay for WooCommerce plugin for WordPress versions up to, and including, 20221130 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax unset default card function. This...

WordPress Plugin Gestpay for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Plugin Gestpay for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Gestpay for WooCommerce Plugin <= 20221130 is vulnerable to Cross Site Request Forgery (CSRF)

Software Gestpay for WooCommerce Type Plugin Vulnerable versions = 20221130 Fixed in 20240307 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0431 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c805dc083a4d Credits...