CVSS 3.1 Score 4.3 of 10 (medium)


Published Feb 28, 2024


CVE-2024-0433 is a vulnerability found in the Gestpay for WooCommerce plugin for WordPress, affecting all versions up to and including 20221130. The vulnerability allows unauthenticated attackers to perform Cross-Site Request Forgery by exploiting missing or incorrect nonce validation on the 'ajax_unset_default_card' function. By tricking a site administrator into clicking on a link, the attackers can remove the default status of a card token for a user. The risk score for this vulnerability is 5, indicating a medium severity level. Remediation measures should be taken to address this vulnerability and protect organizations using the affected plugin from potential unauthorized actions or data compromise.
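The class of flaw described above, a state-changing WordPress AJAX handler with no nonce validation, is shown here next to a hardened form. This is an added illustration and not the Gestpay plugin's source: the action names, the nonce name `example_card_nonce`, the `token` and `security` request fields, the `example_default_card_token` meta key and the `cards.js` script are all hypothetical.

```php
<?php
// Added illustration with constructed names; not code from the affected plugin.

// Weak pattern: the handler changes state for any request that carries a
// logged-in session cookie. The browser attaches that cookie to cross-site
// requests too, so the handler cannot tell a forged request from a real one.
add_action( 'wp_ajax_example_unset_default_card_weak', function () {
    $token = sanitize_text_field( wp_unslash( $_POST['token'] ?? '' ) );
    delete_user_meta( get_current_user_id(), 'example_default_card_token', $token );
    wp_send_json_success();
} );

// Hardened pattern: require a nonce tied to this action and the current user
// before touching any data.
add_action( 'wp_ajax_example_unset_default_card', function () {
    // Third argument false: return false on failure instead of dying, so the
    // handler can answer with an explicit 403.
    if ( ! check_ajax_referer( 'example_card_nonce', 'security', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }

    $token = sanitize_text_field( wp_unslash( $_POST['token'] ?? '' ) );
    if ( '' === $token ) {
        wp_send_json_error( array( 'message' => 'Missing token' ), 400 );
    }

    // Only the caller's own record is modified.
    delete_user_meta( get_current_user_id(), 'example_default_card_token', $token );
    wp_send_json_success();
} );

// The page that renders the control passes the nonce to its own script, which
// sends it back in the 'security' field of the AJAX request.
add_action( 'wp_enqueue_scripts', function () {
    wp_register_script( 'example-cards', plugins_url( 'cards.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-cards', 'exampleCards', array(
        'ajaxUrl'  => admin_url( 'admin-ajax.php' ),
        'security' => wp_create_nonce( 'example_card_nonce' ),
    ) );
    wp_enqueue_script( 'example-cards' );
} );
```

When auditing a plugin for this pattern, list every `wp_ajax_` and `wp_ajax_nopriv_` hook and confirm that each state-changing callback calls `check_ajax_referer()` or `wp_verify_nonce()` before it writes anything.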
