CVE-2024-11423

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 8, 2025
CWE ID 862

Summary

The WooCommerce Gift Cards plugin for WordPress, in versions up to and including 3.0.6, contains a vulnerability in which unauthenticated attackers can bypass capability checks on certain REST API endpoints, such as /wp-json/gifting/recharge-giftcard. This lets them recharge gift card balances without making a payment and reduce gift card balances without any purchase, which puts the integrity and confidentiality of the affected systems at risk.
