CVE-2024-8425

Critical CVSS: 9.8

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor

Wpswings

Product

Woocommerce Ultimate Gift Card

CWE

CWE-434

Yayın Tarihi

2025-02-28 09:15:11

Güncelleme

2025-03-06 17:58:44

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-434 Woocommerce Ultimate Gift Card CRITICAL Wpswings 2025

Referanslar

https://codecanyon.net/item/woocommerce-ultimate-gift-card/19191057 https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebffb82-7455-40c9-9ffd-b78e0e73e431?source=cve

Benzer Kayıtlar

Medium

CVE-2025-5103

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'defau…

Medium

CVE-2024-13724

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for Wor…

Medium

CVE-2024-13682

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for Wor…

Medium

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Feature…

Medium

CVE-2024-13641

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Feature…