
6 matches found

OSV
added 2024/02/28 9:15 a.m., 4 views

CVE-2024-0432

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...

CVSS 4.3, AI score 7.2
Exploits: 0, References: 2

OSV
added 2024/02/28 9:15 a.m., 4 views

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...

CVSS 4.3, AI score 5.7, EPSS 0.00295
Exploits: 0, References: 2

NVD
added 2024/02/28 9:15 a.m., 25 views

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...

CVSS 4.3, AI score 4.2, EPSS 0.00295
Exploits: 0, References: 3

Prion
added 2024/02/28 9:15 a.m., 30 views

Cross site request forgery (csrf)

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...

CVSS 4.3, AI score 4.3, EPSS 0.00295
Exploits: 0, References: 2

Vulnrichment
added 2024/02/28 8:33 a.m., 14 views

CVE-2024-0432 Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...

CVSS 4.3, AI score 6.6, EPSS 0.00275
Exploits: 0, References: 3

WPVulnDB
added 2024/02/27 12:0 a.m., 25 views

Gestpay for WooCommerce < 20240307 - Cross-Site Request Forgery (CSRF) via ajax_delete_card

Description: The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to...

CVSS 4.3, AI score 4.6, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1