2 matches found
CVE-2024-0432 Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0432
CVE-2024-0432 concerns the Gestpay for WooCommerce plugin for WordPress. The issue is a CSRF vulnerability caused by missing or incorrect nonce validation in the ajax_delete_card function across versions up to 20221130. This enables unauthenticated attackers to delete a user’s default card token ...