CVE-2024-11423
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jan 8, 2025
CWE ID 862
Summary
CVE-2024-11423: The WooCommerce Gift Cards plugin for WordPress, specifically versions up to and including 3.0.6, contains a vulnerability. Unauthenticated attackers can exploit this issue by bypassing capability checks on certain REST API endpoints, such as /wp-json/gifting/recharge-giftcard. Consequences of this vulnerability include the ability to recharge gift card balances without making a payment and the reduction of gift card balances without any purchase. This puts the integrity and confidentiality of the affected systems at risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share