cbcvebase.

Wpswings Woocommerce Ultimate Gift Card vulnerabilities

3 known vulnerabilities affecting wpswings/woocommerce_ultimate_gift_card.

Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH1

Vulnerabilities

Page 1 of 1
CVE-2024-8425P1CRITICALCVSS 9.8ExploitedPoC≤ 2.6.02025-02-28
CVE-2024-8425 [CRITICAL] CWE-434 CVE-2024-8425: The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the
nvd
CVE-2025-47569P2CRITICALCVSS 9.3≤ 2.9.62025-09-09
CVE-2025-47569 [CRITICAL] CWE-89 CVE-2025-47569: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6.
nvd
CVE-2024-53740P4HIGHCVSS 7.1≤ 2.9.12024-12-02
CVE-2024-53740 [HIGH] CWE-79 CVE-2024-53740: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card: from n/a through < 2.9.1.
nvd
Wpswings Woocommerce Ultimate Gift Card vulnerabilities | cvebase