{"vulnerability": "CVE-2024-11423", "sightings": [{"uuid": "68ad7cea-a57c-47b0-835b-c7e06e0e1430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113792436139547295", "content": "", "creation_timestamp": "2025-01-08T11:13:00.539126Z"}, {"uuid": "dcf3a25c-080a-4c84-b0ce-c6252640f58f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7zxnzlxm2d", "content": "", "creation_timestamp": "2025-01-08T11:15:40.320463Z"}, {"uuid": "537de30b-55fe-4734-ba7a-536e7b191596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfa43v4rfo2w", "content": "", "creation_timestamp": "2025-01-08T11:53:49.462227Z"}, {"uuid": "81dac053-4db4-4c05-9aee-e6d5563d386b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lfbqnrjwik2y", "content": "", "creation_timestamp": "2025-01-09T03:34:23.579439Z"}, {"uuid": "081ea9b3-5b63-4625-a868-b97c89b8f5a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826825965303615", "content": "", "creation_timestamp": "2025-01-14T12:58:47.468810Z"}, {"uuid": "76066fd3-db16-42c4-a05d-8d2645e2d3b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5jyvy2a", "content": "", "creation_timestamp": "2025-01-20T21:02:02.590203Z"}, {"uuid": "f37b57d3-83f0-448f-912e-b395133296f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://t.me/cvedetector/14683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11423 - WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification\", \n  \"Content\": \"CVE ID : CVE-2024-11423 \nPublished : Jan. 8, 2025, 11:15 a.m. | 42\u00a0minutes ago \nDescription : The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T13:18:10.000000Z"}, {"uuid": "834d8d65-8fec-4fc4-a6eb-77138b90c018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/693", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11423\n\ud83d\udd39 Description: The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.\n\ud83d\udccf Published: 2025-01-08T11:09:24.799Z\n\ud83d\udccf Modified: 2025-01-08T11:09:24.799Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/836884b5-f547-4f50-8a97-5d910d877e5e?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3212554/woo-gift-cards-lite/trunk/includes/giftcard-redeem-api-addon.php\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208474%40woo-gift-cards-lite&new=3208474%40woo-gift-cards-lite&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-08T12:12:51.000000Z"}, {"uuid": "36931aaa-94c0-4986-b53c-1d16d358576f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "published-proof-of-concept", "source": "Telegram/7Mqw0CZUm1qIPt1F_gelWOs8kZmfdBYU-HTVnqqvQJce11k", "content": "", "creation_timestamp": "2025-01-08T22:00:05.000000Z"}]}