CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44633 – WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-44633
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. Vulnerabilidad de autorización faltante en YITH YITH WooCommerce Gift Cards Premium. Este problema afecta a YITH WooCommerce Gift Cards Premium: desde n/a hasta 3.23.1. The YITH WooCommerce Gift Cards Premium plugin for WordPress is vulnerable to unauthorized gift card creation due to a missing capability check on one of its functions in versions up to, and including, 3.23.1. This makes it possible for unauthenticated attackers to create gift cards. • https://patchstack.com/database/vulnerability/yith-woocommerce-gift-cards-premium/wordpress-yith-woocommerce-gift-cards-premium-plugin-3-23-1-unauth-gift-card-creation-leading-to-stored-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35627
https://notcve.org/view.php?id=CVE-2020-35627
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server. Ultimate WooCommerce Gift Cards versión 3.0.2, está afectada por una vulnerabilidad de carga de archivos en la Custom GiftCard Template que puede ejecutar remotamente código arbitrario. Una vez que contiene la función "Custom Gift Card Template", la función de cargar una imagen personalizada es usada, cambiando el nombre de la extensión de la imagen a PHP y ejecutando el código PHP en el servidor • https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6 https://makewebbetter.com/product/giftware-woocommerce-gift-cards • CWE-434: Unrestricted Upload of File with Dangerous Type •