CVSS 10.0CVSS 10.0 · CRITICAL
CVE-2026-45444
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
View on NVDAnalysis
A critical unrestricted file upload vulnerability in the Gift Cards For WooCommerce Pro WordPress plugin allows attackers to upload and execute malicious files. This can lead to complete remote code execution and full server compromise for sites using this plugin version 4.2.6 or earlier.
Severity
Score: 10.0(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE):
CWE-434EPSS
Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 13.0%
EPSS: 2026-05-21
Technical description
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
Published: 5/20/2026, 8:16:40 PM
Last modified: 5/21/2026, 3:19:30 PM