Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

View on NVD

Analysis

A critical unrestricted file upload vulnerability in the Gift Cards For WooCommerce Pro WordPress plugin allows attackers to upload and execute malicious files. This can lead to complete remote code execution and full server compromise for sites using this plugin version 4.2.6 or earlier.

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-434

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 13.0%
EPSS: 2026-05-21

Technical description

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

Published: 5/20/2026, 8:16:40 PM
Last modified: 5/21/2026, 3:19:30 PM

References

HomeEventsBlogResourcesTeam