Lucene search
K

689 matches found

Nuclei
Nuclei
added 16 hours ago29 views

WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.6.0. This makes it possible for...

9.8CVSS8AI score0.03858EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday78 views

Wordpress Gift Cards <= 4.3.1 - SQL Injection

The Gift Cards Gift Vouchers and Packages WordPress Plugin, version = 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgvdoajaxvoucherpdfsavefunc action. id: CVE-2023-28662 info: name: Wordpress Gift Cards = 4.3.1 - SQL Injection author: xxcd...

9.8CVSS7.2AI score0.42186EPSS
Exploits2References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37600

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-40748

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS0.00434EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.12 views

CVE-2026-40748

CVE-2026-40748 affects the WordPress Kids Gift Shop theme (versions ≤ 0.5.4). The vulnerability is described as an Arbitrary File Upload in the Subscriber context. Public details in connected sources indicate a very high severity CVSS v3.1 score (9.9, CRITICAL) with network access, low attack com...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.26 views

CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.12 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 1:16 p.m.14 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:54 a.m.24 views

CVE-2026-11764

CVE-2026-11764 describes a data exposure where exporting all reusable media includes gift card secrets, even for users without permission to view gift cards. This indicates a permission boundary bypass, since the UI/API only reveal partial (first letters) of the secret, yet the export leaks full ...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:54 a.m.10 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:54 a.m.30 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:54 a.m.10 views

EUVD-2026-35407

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47750

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

pretix 安全漏洞

Pretix is a ticketing system developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from including the secrets of connected gift cards during the creation of all reusable media exports. As a result, it is possible for users who create these exports t...

6.9CVSS5.4AI score0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.14 views

CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 p.m.22 views

CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 6:0 p.m.29 views

CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 6:0 p.m.20 views

CVE-2026-45444

CVE-2026-45444 describes an arbitrary file upload vulnerability in the WordPress plugin Gift Cards For WooCommerce Pro (WP Swings Gift Cards For WooCommerce Pro) up to version 4.2.6. The issue is triggered by uploading a file of an unrestricted/ dangerous type, potentially enabling the attacker t...

10CVSS5.8AI score0.00282EPSS
In wildExploits0References1
EUVD
EUVD
added 2026/05/20 6:0 p.m.16 views

EUVD-2026-31149

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 6:0 p.m.13 views

CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder