cbcvebase.

Codemenschen Gift Vouchers vulnerabilities

4 known vulnerabilities affecting codemenschen/gift_vouchers.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2018-16159P1CRITICALCVSS 9.8ExploitedPoC≤ 2.0.12018-08-30
CVE-2018-16159 [CRITICAL] CWE-89 CVE-2018-16159: The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parame The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
nvd
CVE-2023-28662P2CRITICALCVSS 9.8PoC≤ 4.3.12023-03-22
CVE-2023-28662 [CRITICAL] CWE-89 CVE-2023-28662: The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an un The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
nvd
CVE-2024-13520P4MEDIUMCVSS 5.3≤ 4.4.62025-02-20
CVE-2024-13520 [MEDIUM] CWE-862 CVE-2024-13520: The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerab The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.9. This makes it possible for unauth
nvd
CVE-2024-32436P4MEDIUMCVSS 4.3≥ n/a, ≤ 4.4.02024-04-15
CVE-2024-32436 [MEDIUM] CWE-352 CVE-2024-32436: Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gif Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gift Vouchers: from n/a through 4.4.0.
nvd
Codemenschen Gift Vouchers vulnerabilities | cvebase