CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44633 – WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-44633
10 May 2023 — Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. Vulnerabilidad de autorización faltante en YITH YITH WooCommerce Gift Cards Premium. Este problema afecta a YITH WooCommerce Gift Cards Premium: desde n/a hasta 3.23.1. The YITH WooCommerce Gift Cards Premium plugin for WordPress is vulnerable to unauthorized gift card creation due to a missing capability check on one of its functions in versions up... • https://patchstack.com/database/vulnerability/yith-woocommerce-gift-cards-premium/wordpress-yith-woocommerce-gift-cards-premium-plugin-3-23-1-unauth-gift-card-creation-leading-to-stored-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35627
https://notcve.org/view.php?id=CVE-2020-35627
28 Dec 2020 — Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server. Ultimate WooCommerce Gift Cards versión 3.0.2, está afectada por una vulnerabilidad de carga de archivos en la Custom GiftCard Template que puede ejecutar remotam... • https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6 • CWE-434: Unrestricted Upload of File with Dangerous Type •