Threat Entry Updated 2025-02-10

CVE-2024-0433 - Gestpay For Woocommerce Plugin

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Gestpay For Woocommerce

CVE-2024-0433

MEDIUM CVSS 4.3 2024-02-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-10

CVE-2024-0432 - Gestpay For Woocommerce Plugin

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Gestpay For Woocommerce

CVE-2024-0432

MEDIUM CVSS 4.3 2024-02-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-25

CVE-2024-0431 - Gestpay For Woocommerce Plugin

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Gestpay For Woocommerce

CVE-2024-0431

MEDIUM CVSS 4.3 2024-02-28

Risk Score

Open Full Technical Breakdown