{"vulnerability": "CVE-2024-0431", "sightings": [{"uuid": "2b201f06-8a44-4996-a2f1-11988b079469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12886", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-0431\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2024-02-28T08:33:10.023Z\n\ud83d\udccf Modified: 2025-04-22T15:58:56.467Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve\n2. https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117", "creation_timestamp": "2025-04-22T16:03:29.000000Z"}, {"uuid": "f736b00d-34b7-4305-bf0e-faa98c87cf4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0431", "type": "seen", "source": "https://t.me/ctinow/207573", "content": "https://ift.tt/XRt0Q9U\nCVE-2024-0431 | Gestpay for WooCommerce Plugin up to 20221130 on WordPress ajax_set_default_card cross-site request forgery", "creation_timestamp": "2024-03-14T09:51:08.000000Z"}]}