6 matches found
CVE-2025-47569 WordPress WooCommerce Ultimate Gift Card plugin <= 2.8.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards...
Exploit for Unrestricted Upload of File with Dangerous Type in Wpswings Woocommerce_Ultimate_Gift_Card
Wordpress WooCommerce Ultimate Gift Card = 2.6.0 - Unauthenti...
CVE-2024-8425
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...
CVE-2024-8425 WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...
CVE-2024-53740
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card: from n/a through 2.9.1...
CVE-2024-53740
CVE-2024-53740 is a reflected XSS in the WordPress plugin “WooCommerce Ultimate Gift Card” (notFound variant) prior to version 2.9.1. The issue arises from improper input neutralization during web page generation, allowing attacker-controlled input to be reflected in a page. Affected product: Woo...