26 matches found

Nuclei
added 17 hours ago, 77 views

Wordpress Gift Cards <= 4.3.1 - SQL Injection

The Gift Cards Gift Vouchers and Packages WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgvdoajaxvoucherpdfsavefunc action. id: CVE-2023-28662 info: name: Wordpress Gift Cards <= 4.3.1 - SQL Injection author: xxcd...

CVSS 9.8, AI score 7.3, EPSS 0.42186
Exploits: 2, References: 4

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-30390

Malicious code in bioql PyPI...

CVSS 3.1, AI score 4.1, EPSS 0.00223
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-27616

Malicious code in bioql PyPI...

CVSS 2.6, AI score 3.9, EPSS 0.00167
Exploits: 0, References: 3

RedhatCVE
added 2025/09/24 3:23 a.m., 10 views

CVE-2025-10778

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS 3.1, AI score 6.2, EPSS 0.00223
Exploits: 0, References: 1

NVD
added 2025/09/22 3:15 a.m., 2 views

CVE-2025-10778

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS 3.1, EPSS 0.00223
Exploits: 0, References: 3

Cvelist
added 2025/09/22 2:32 a.m., 6 views

CVE-2025-10778 Smartstore Gift Voucher confirm race condition

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS 3.1, EPSS 0.00223
Exploits: 0, References: 3

Vulnrichment
added 2025/09/22 2:32 a.m., 1 views

CVE-2025-10778 Smartstore Gift Voucher confirm race condition

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS 3.1, AI score 6, EPSS 0.00223
Exploits: 0, References: 3

CVE
added 2025/09/22 2:32 a.m., 16 views

CVE-2025-10778

Vulnerability summary (CVE-2025-10778) : A race condition exists in the Gift Voucher Handler component of Smartstore, located in the unknown function within the /checkout/confirm/ path, affecting Smartstore versions up to 6.2.0 (and addressed in later advisories recommending 6.2.1+). The issue ca...

CVSS 3.1, AI score 3.6, EPSS 0.00223
Exploits: 0, References: 3

CNNVD
added 2025/09/22 12:00 a.m., 1 views

Smartstore Race Condition Vulnerability

Smartstore is an e-commerce platform open-sourced by Smartstore AG. A race condition vulnerability exists in Smartstore version 6.2.0 and earlier, which stems from a race condition in the file /checkout/confirm in the component Gift Voucher Handler, which could lead to a remote...

CVSS 3.1, AI score 4.3, EPSS 0.00223
Exploits: 0, References: 3

Positive Technologies
added 2025/09/22 12:00 a.m., 4 views

PT-2025-38677

Name of the Vulnerable Software and Affected Versions Smartstore versions prior to 6.2.1 Description A race condition exists in the Gift Voucher Handler component of Smartstore. The issue is located in an unknown function within the /checkout/confirm/ file. The attack can be initiated remotely an...

CVSS 3.1, AI score 4, EPSS 0.00223
Exploits: 0, References: 5

RedhatCVE
added 2025/09/12 9:28 p.m., 12 views

CVE-2025-10216

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

CVSS 2.6, AI score 6.5, EPSS 0.00167
Exploits: 0, References: 1

NVD
added 2025/09/10 9:15 p.m., 3 views

CVE-2025-10216

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

CVSS 2.6, EPSS 0.00167
Exploits: 0, References: 3

Vulnrichment
added 2025/09/10 9:02 p.m., 2 views

CVE-2025-10216 GrandNode Voucher ConfirmOrder race condition

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

CVSS 2.6, AI score 6.2, EPSS 0.00167
Exploits: 0, References: 3

CVE
added 2025/09/10 9:02 p.m., 12 views

CVE-2025-10216

GrandNode (versions up to 2.3.0) is affected by a race condition in the Voucher Handler, specifically in the /checkout/ConfirmOrder/ path where manipulating the giftvouchercouponcode argument can trigger the issue. The description across multiple sources indicates remote exploitation is possible ...

CVSS 2.6, AI score 3.6, EPSS 0.00167
Exploits: 0, References: 3

Positive Technologies
added 2025/09/10 12:00 a.m., 3 views

PT-2025-37100

Name of the Vulnerable Software and Affected Versions: GrandNode versions prior to 2.3.0 Description: A flaw exists in GrandNode up to version 2.3.0 within the Voucher Handler component, specifically in the /checkout/ConfirmOrder/ file. Manipulation of the giftvouchercouponcode argument can trigg...

CVSS 2.6, AI score 3.4, EPSS 0.00167
Exploits: 0, References: 6

Patchstack
added 2024/10/30 8:55 p.m., 5 views

WordPress Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Gift Vouchers versions <= 4.4.4...

CVSS 6.4, AI score 5.8, EPSS 0.00333
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2023/03/22 12:00 a.m., 18 views

Gift Voucher < 4.3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgvdoajaxvoucherpdfsavefunc AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC curl "http://$TARGETHOST/wp-admin/admin-ajax.php"...

CVSS 9.8, AI score 9.6, EPSS 0.42186
Exploits: 2, References: 1, Affected Software: 1

wpexploit
added 2023/03/22 12:00 a.m., 145 views

Gift Voucher < 4.3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgvdoajaxvoucherpdfsavefunc AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber curl "http://$TARGETHOST/wp-admin/admin-ajax.php" --da...

CVSS 9.8, AI score 9.8, EPSS 0.42186
Exploits: 2, References: 1

Patchstack
added 2018/09/01 12:00 a.m., 22 views

WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability found by Renos Nikolaou in WordPress Gift Voucher plugin versions =2.0.1. Solution 2018.09.01 - we were unable to find information about fixed vulnerability...

CVSS 9.8, AI score 3.3, EPSS 0.49918
Exploits: 2, References: 2, Affected Software: 1

CNVD
added 2018/08/28 12:00 a.m., 0 views

WordPress Plugin Gift Voucher SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Gift Voucher, which can be exploited by an attacker to obtain...

AI score 7.5
Exploits: 0, References: 1