CVE-2024-0431: CWE-352 Cross-Site Request Forgery (CSRF) in easynolo Gestpay for WooCommerce
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2024-0431 is a Cross-Site Request Forgery (CSRF) vulnerability in the Gestpay for WooCommerce plugin for WordPress, affecting all versions up to and including 20221130. The vulnerability stems from missing or incorrect nonce validation in the 'ajax_set_default_card' AJAX handler, which sets the default card token for a user. WordPress nonces are per-user, per-action CSRF tokens: a handler that calls check_ajax_referer() (or wp_verify_nonce()) on a state-changing request proves that the request was assembled by a page the site itself served to that user, which a third-party site cannot do. A nonce is not an authentication or authorization check, so a correct handler pairs it with is_user_logged_in() or current_user_can() as appropriate.

Because the handler skips this check, an attacker who needs no account on the site can host a page or link that makes a logged-in victim's browser issue the request to admin-ajax.php; the browser attaches the victim's authentication cookie automatically, and the request executes with that session's privileges. The advisory describes tricking a site administrator, for example into clicking a link, and the result is a changed default payment card token for the targeted user. The attack requires user interaction (the victim must load the attacker's content while logged in) and does not disclose confidential information or affect availability; it compromises the integrity of payment settings by allowing an unauthorized modification.

The CVSS v3.1 base score is 4.3 (medium): network attack vector, low attack complexity, no privileges required, user interaction required, and low impact to integrity only (C:N/I:L/A:N). No patches or official fixes are linked yet, and no known exploits have been reported in the wild. The vulnerability is classified under CWE-352, which covers state-changing requests that lack proper validation of where the request came from. For e-commerce sites using WooCommerce with the Gestpay plugin, an unauthorized change of the payment method on file can facilitate fraudulent transactions or misdirected charges.
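The handler pattern the advisory describes, beside the hardened form a maintainer would ship, as an added PHP illustration. This is example code written for this page, not the Gestpay plugin's source: the AJAX action name gestpay_set_default_card, the nonce action, the card_token request field and the user-meta keys are assumptions chosen for the example.

```php
<?php
// Added example for this page, not code from the Gestpay for WooCommerce plugin.
// Assumed names: the AJAX action 'gestpay_set_default_card', the request field
// 'card_token', and the user-meta keys '_gestpay_default_card' / '_gestpay_card_tokens'.

/* --- Vulnerable pattern (CWE-352): a state change with no nonce check. ----------
 * admin-ajax.php routes ?action=gestpay_set_default_card to this method for any
 * logged-in user. The browser attaches the WordPress auth cookie to a request
 * started from any site, so a page the attacker controls can set the value.
 */
class Gestpay_Cards_Vulnerable {
    public function __construct() {
        add_action( 'wp_ajax_gestpay_set_default_card', array( $this, 'ajax_set_default_card' ) );
    }

    public function ajax_set_default_card() {
        $token = isset( $_REQUEST['card_token'] ) ? wp_unslash( $_REQUEST['card_token'] ) : '';
        // Nothing here proves the request was made intentionally by this user,
        // and $_REQUEST means a GET link click works as well as a POST form.
        update_user_meta( get_current_user_id(), '_gestpay_default_card', $token );
        wp_send_json_success();
    }
}

/* --- Hardened pattern: nonce + login check + method and input validation. ------ */
class Gestpay_Cards_Hardened {
    const NONCE_ACTION = 'gestpay_set_default_card';

    public function __construct() {
        add_action( 'wp_ajax_gestpay_set_default_card', array( $this, 'ajax_set_default_card' ) );
        add_action( 'wp_enqueue_scripts', array( $this, 'enqueue' ) );
    }

    // Issue the nonce to the legitimate front-end script so it can send it back
    // as the '_ajax_nonce' field. A third-party site never sees this value.
    public function enqueue() {
        wp_enqueue_script( 'gestpay-cards', plugins_url( 'cards.js', __FILE__ ), array( 'jquery' ), '1.0', true );
        wp_localize_script( 'gestpay-cards', 'gestpayCards', array(
            'ajaxUrl' => admin_url( 'admin-ajax.php' ),
            'nonce'   => wp_create_nonce( self::NONCE_ACTION ),
        ) );
    }

    public function ajax_set_default_card() {
        // 1. CSRF check. Reads '_ajax_nonce' (falling back to '_wpnonce') from the
        //    request and verifies it against the current user and NONCE_ACTION;
        //    on failure it ends the request with HTTP 403 before any state changes.
        check_ajax_referer( self::NONCE_ACTION, '_ajax_nonce' );

        // 2. A nonce is not a login check. wp_ajax_* only fires for logged-in users,
        //    but be explicit, and add current_user_can() if the action were admin-only.
        if ( ! is_user_logged_in() ) {
            wp_send_json_error( 'authentication required', 401 );
        }
        $user_id = get_current_user_id();

        // 3. Only POST for a state change, and only a token this user already has on
        //    file (assumed here to be stored as an array under '_gestpay_card_tokens').
        if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
            wp_send_json_error( 'POST required', 405 );
        }
        $token = isset( $_POST['card_token'] ) ? sanitize_text_field( wp_unslash( $_POST['card_token'] ) ) : '';
        $known = (array) get_user_meta( $user_id, '_gestpay_card_tokens', true );
        if ( '' === $token || ! in_array( $token, $known, true ) ) {
            wp_send_json_error( 'unknown card token', 400 );
        }

        update_user_meta( $user_id, '_gestpay_default_card', $token );
        wp_send_json_success( array( 'default_card' => $token ) );
    }
}

new Gestpay_Cards_Hardened();
```

The front-end script (cards.js in the example) would POST `action=gestpay_set_default_card`, `_ajax_nonce=gestpayCards.nonce` and `card_token=...` to `gestpayCards.ajaxUrl`. The nonce is what the attacker's page cannot supply: it is derived from the victim's session and the action name, so a forged request fails at check_ajax_referer() regardless of which cookies the browser attached. The ownership check in step 3 is an extra layer, not a substitute for the nonce; wp_send_json_error() terminates the request, so no explicit return is needed after it.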
Potential Impact
The primary impact of CVE-2024-0431 is on the integrity of payment configuration within affected WooCommerce sites using the Gestpay plugin. An attacker can change the default card token for a user, so that a later checkout is charged to a stored card the victim did not select, which can cause misapplied charges and financial loss. Confidentiality and availability are not directly affected, but unauthorized modification of payment details can lead to fraudulent or disputed transactions, loss of customer trust, and financial damage; downstream effects for organizations that rely on the plugin for payment processing include chargebacks, reputational harm, and regulatory scrutiny. The need for the victim to act (loading attacker-controlled content, such as a link delivered by phishing, while logged in) limits the attack scope but does not eliminate the risk, and because the forged request is delivered over the network the attacker can be anywhere. Given WooCommerce's widespread use, especially among small and medium-sized e-commerce businesses, the potential impact spans many sectors. The absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks.
Mitigation Recommendations
To mitigate CVE-2024-0431, first verify whether an affected version of Gestpay for WooCommerce (20221130 or earlier) is installed and upgrade to a patched version once one is available. Until then, site owners who maintain the plugin can add nonce validation to the 'ajax_set_default_card' handler: call check_ajax_referer() before any state change, issue the matching nonce to the front-end with wp_create_nonce(), and pair it with an is_user_logged_in() or capability check. Edits made directly to plugin files are overwritten by the next plugin update, so track the change or carry it as a must-use plugin. A Web Application Firewall rule, or an equivalent must-use plugin, that rejects requests to admin-ajax.php for the plugin's action when the Origin or Referer header is absent or does not match the site's host gives interim protection without modifying the plugin. Browser SameSite=Lax cookie defaults reduce exposure from cross-site POSTs but do not cover a top-level GET navigation such as a clicked link, and admin-ajax.php accepts GET as well as POST. Administrators should be trained to recognize and avoid suspicious links, especially those received by e-mail or messaging platforms. Monitor web server logs for admin-ajax.php requests that carry the plugin's action with a foreign or missing Referer, and audit changes to stored default card tokens, to detect exploitation attempts early. Multi-factor authentication for administrator accounts does not stop CSRF, since the victim is already authenticated when the forged request is sent, but it does reduce the separate risk of account takeover. Finally, a tested backup and incident response plan ensures rapid recovery if unauthorized changes occur.
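An interim guard for sites that cannot patch yet, as an added example written for this page (it is not part of the Gestpay plugin): a must-use plugin that rejects cross-site requests to the plugin's AJAX action by checking the Origin and Referer headers, the same check a WAF rule would express. The action name gestpay_set_default_card is an assumption; read the real one from the plugin's add_action('wp_ajax_...') registration before deploying.

```php
<?php
/**
 * Plugin Name: Interim same-origin guard for the Gestpay default-card AJAX action
 *
 * Added example, not part of the Gestpay for WooCommerce plugin. Place in
 * wp-content/mu-plugins/ until a patched plugin is installed, then remove it.
 * The action name 'gestpay_set_default_card' is an assumption for this example.
 */

// True when the request's Origin (or, failing that, Referer) host matches the
// site host. Kept as a plain function so the decision logic can be tested alone.
function gestpay_guard_is_same_origin( array $headers, string $site_host ): bool {
    $candidate = '';
    if ( ! empty( $headers['origin'] ) && 'null' !== $headers['origin'] ) {
        $candidate = $headers['origin'];      // browsers send Origin on cross-site POST
    } elseif ( ! empty( $headers['referer'] ) ) {
        $candidate = $headers['referer'];     // a clicked link arrives with Referer only
    } else {
        // Neither header: a cross-site request under a no-referrer policy looks like
        // this, while legitimate same-site fetch/XHR calls always carry Origin or
        // Referer. Fail closed.
        return false;
    }
    $host = wp_parse_url( $candidate, PHP_URL_HOST );
    return is_string( $host ) && 0 === strcasecmp( $host, $site_host );
}

// admin_init fires for admin-ajax.php before any wp_ajax_* handler runs, so the
// guard sees the request first. Priority 1 keeps it ahead of other admin_init hooks.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return; // ordinary wp-admin page loads are not our concern
    }
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( 'gestpay_set_default_card' !== $action ) {
        return;
    }
    $headers = array(
        'origin'  => isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN'] : '',
        'referer' => isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '',
    );
    $site_host = (string) wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ! gestpay_guard_is_same_origin( $headers, $site_host ) ) {
        // Log enough to build a detection rule from, then stop before the handler runs.
        error_log( sprintf(
            'gestpay guard: blocked cross-site %s from %s (origin=%s referer=%s)',
            $action,
            isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
            $headers['origin'],
            $headers['referer']
        ) );
        wp_die( 'Cross-site request blocked', 'Forbidden', array( 'response' => 403 ) );
    }
}, 1 );
```

A same-site fetch or XHR POST from the shop's own pages carries the site's Origin and passes; a cross-site form post carries the attacker's Origin and is blocked; a clicked link carries the attacker's Referer (or, under a no-referrer policy, neither header) and is blocked. The guard does not replace the nonce fix, since it relies on headers the browser sets rather than on a secret the site issued, and it should be removed once the patched plugin is installed.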
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, Netherlands, Italy, Spain, Brazil, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-01-11T16:20:47.694Z
- CISA Enriched: true
Threat ID: 682d9849c4522896dcbf6f0a
Added to database: 5/21/2025, 9:09:29 AM
Last enriched: 2/28/2026, 11:01:55 AM
Last updated: 3/25/2026, 5:26:49 PM
Views: 53