WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.6.0. This makes it possible for...

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

EUVD-2026-35407

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

PT-2026-47750

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

CVE-2019-7855

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation...

Holiday scams 2025: These common shopping habits make you the easiest target

Every year, shoppers get faster, savvier, and more mobile. We compare prices on the go, download apps for coupons, and jump on deals before they disappear. But during deal-heavy periods like Black Friday, Cyber Monday, and the December shopping rush, convenience can work against us. Quick...

Watch out for Walmart gift card scams

You’ve probably seen it before—a bright, urgent message claiming you’ve qualified for a $750 or $1000 Walmart gift card. All you have to do is answer a few questions. It looks harmless enough. But once you click, you find yourself in a maze of surveys, redirects, and "partner offers"—without ever...

'Jingle Thief' Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. "Jingle Thief attackers use phishing and smishing to steal...

EUVD-2020-23293

Malware in sbrugna...

EUVD-2022-2056

Malicious code in bioql PyPI...

EUVD-2024-52072

Malicious code in bioql PyPI...

EUVD-2025-27441

Malicious code in bioql PyPI...

CVE-2025-47569

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through = 2.9.6...

CVE-2025-47569

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through = 2.9.6...

CVE-2025-47569

CVE-2025-47569 is a SQL injection vulnerability in the WPSwings WooCommerce Ultimate Gift Card plugin. Affected versions include up to 2.8.10 (with some sources noting

CVE-2025-47569 WordPress WooCommerce Ultimate Gift Card plugin <= 2.8.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards...

CVE-2025-47569 WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through = 2.9.6...

WordPress plugin WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WooCommerce Ultimate Gift...