Codemenschen Gift Vouchers vulnerabilities
4 known vulnerabilities affecting codemenschen/gift_vouchers.
Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-16159P1CRITICALCVSS 9.8ExploitedPoC≤ 2.0.12018-08-30
CVE-2018-16159 [CRITICAL] CWE-89 CVE-2018-16159: The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parame
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
nvd
CVE-2023-28662P2CRITICALCVSS 9.8PoC≤ 4.3.12023-03-22
CVE-2023-28662 [CRITICAL] CWE-89 CVE-2023-28662: The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an un
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
nvd
CVE-2024-13520P4MEDIUMCVSS 5.3≤ 4.4.62025-02-20
CVE-2024-13520 [MEDIUM] CWE-862 CVE-2024-13520: The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerab
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.9. This makes it possible for unauth
nvd
CVE-2024-32436P4MEDIUMCVSS 4.3≥ n/a, ≤ 4.4.02024-04-15
CVE-2024-32436 [MEDIUM] CWE-352 CVE-2024-32436: Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gif
Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gift Vouchers: from n/a through 4.4.0.
nvd