CVE-2026-45444
published 2026-05-20CVE-2026-45444: Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift…
PriorityP185critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.28%
19.9th percentile
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.
This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp_swings | gift_cards_for_woocommerce_pro | n/a – 4.2.6 | — |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vulncheck10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
WP Swings Gift Cards for WooCommerce Pro Plugin up to 4.2.6 on WordPress unrestricted upload
vuldb·2026-05-20·CVSS 10.0
CVE-2026-45444 [CRITICAL] WP Swings Gift Cards for WooCommerce Pro Plugin up to 4.2.6 on WordPress unrestricted upload
A vulnerability, which was classified as critical, has been found in WP Swings Gift Cards for WooCommerce Pro Plugin up to 4.2.6 on WordPress. This vulnerability affects unknown code. This manipulation causes unrestricted upload.
The identification of this vulnerability is CVE-2026-45444. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-w7h5-vx9m-v9jx: Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files
ghsa_unreviewed·2026-05-20
CVE-2026-45444 [CRITICAL] CWE-434 GHSA-w7h5-vx9m-v9jx: Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.
This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
VulnCheck
Unrestricted Upload of File with Dangerous Type
vulncheck·2026·CVSS 10.0
CVE-2026-45444 [CRITICAL] Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.
This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
Affected: WP Swings Gift Cards For WooCommerce Pro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/giftware/vulnerability/wordpress-gift-cards-for-woocommerce-pro-plugin-4-2-6-arbitrary-file-upload-vulnerability; https://www.cve.org/CVERecord?id=CVE-2026-45444
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-20
Published
Exploited in the wild