CVE-2024-13520 Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates

The Gift Cards Gift Vouchers and Packages WooCommerce Supported plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'updatevoucherprice', 'updatevoucherdate', 'updatevouchernote' functions in all versions up to, and...

CVE-2024-13520

CVE-2024-13520 — The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) WordPress plugin is vulnerable due to a missing capability check in update_voucher_price, update_voucher_date, and update_voucher_note, affecting all versions up to 4.4.6. This allows unauthenticated attackers to...

CVE-2024-9165 Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Gift Cards Gift Vouchers and Packages WooCommerce Supported plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...