3 matches found
CVE-2018-16159
CVE-2018-16159 affects the WordPress Gift Vouchers plugin (versions up to 2.0.1; later fixed in 4.1.8). The vulnerability is a blind SQL injection via the template_id parameter in the wpgv_doajax_front_template AJAX request (wp-admin/admin-ajax.php). Root cause: insufficient input handling for te...
CVE-2023-28662
The CVE-2023-28662 entry concerns the WordPress Gift Cards (Gift Vouchers and Packages) plugin, affected versions 4.3.1 and earlier. The vulnerability is an unauthenticated SQL injection in the template parameter of the wpgv_doajax_voucher_pdf_save_func action, enabling arbitrary data access via ...
CVE-2024-13520
CVE-2024-13520 — The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) WordPress plugin is vulnerable due to a missing capability check in update_voucher_price, update_voucher_date, and update_voucher_note, affecting all versions up to 4.4.6. This allows unauthenticated attackers to...