CVE-2024-11423 – WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification

1月 8, 2025
12:16 pm

CVE ID : CVE-2024-11423

Published : Jan. 8, 2025, 11:15 a.m. | 1 hour, 1 minute ago

Description : The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-11423 – WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification

Elvescore.io

Recent Posts

CVE-2025-21102 – Dell VxRail Plaintext Storage of a Password Vulnerability