25 matches found
WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card vulnerability
Cross-Site Request Forgery CSRF via ajaxunsetdefaultcard vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions = 20221130...
WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card vulnerability
Cross-Site Request Forgery CSRF via ajaxdeletecard vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions = 20221130...
EUVD-2024-16227
Malicious code in bioql PyPI...
EUVD-2024-16228
Malicious code in bioql PyPI...
CVE-2024-0432
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0433
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attackers to remove...
CVE-2024-0431
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...
CVE-2024-0432
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0432
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0431
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...
Cross site request forgery (csrf)
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0431 Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...
CVE-2024-0431
CVE-2024-0431 — Gestpay for WooCommerce (WordPress) is a CSRF vulnerability in the ajax_set_default_card handler caused by missing/incorrect nonce validation. It allows unauthenticated attackers to set a user’s default card token via a forged request if a site admin is enticed to perform an actio...
CVE-2024-0432 Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0432 Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to delete the...
CVE-2024-0432
CVE-2024-0432 concerns the Gestpay for WooCommerce plugin for WordPress. The issue is a CSRF vulnerability caused by missing or incorrect nonce validation in the ajax_delete_card function across versions up to 20221130. This enables unauthenticated attackers to delete a user’s default card token ...
CVE-2024-0433 Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attackers to remove...
CVE-2024-0433
Gestpay for WooCommerce (WordPress plugin) is vulnerable to Cross-Site Forgery via multiple AJAX endpoints (ajax_unset_default_card in versions up to 20221130; similarly documented in ajax_delete_card and related actions). The issue arises from missing/incorrect nonce validation, allowing unauthe...
PT-2024-15555 · WordPress · Gestpay For Woocommerce
Name of the Vulnerable Software and Affected Versions: Gestpay for WooCommerce plugin for WordPress versions up to, and including, 20221130 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax set default card function. This allo...
WordPress Plugin Gestpay for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...