cve/2024/CVE-2024-11423.md

### [CVE-2024-11423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11423)
![](https://img.shields.io/static/v1?label=Product&message=Gift%20Cards%20for%20WooCommerce%20Pro&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Gift%20Cards%20for%20WooCommerce%20%E2%80%93%20Create%20WooCommerce%20Gift%20Cards%2C%20Gift%20Vouchers%2C%20Redeem%20%26%20Manage%20Digital%20Gift%20Coupons.%20Offer%20Gift%20Certificates%2C%20Schedule%20Gift%20Cards%2C%20and%20Use%20Advance%20Coupons%20With%20Personalized%20Templates&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/RandomRobbieBF/CVE-2024-11423