Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

Ver en NVD

Análisis

A critical unrestricted file upload vulnerability in the Gift Cards For WooCommerce Pro WordPress plugin allows attackers to upload and execute malicious files. This can lead to complete remote code execution and full server compromise for sites using this plugin version 4.2.6 or earlier.

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-434

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 13.0%
EPSS: 2026-05-21

Descripción técnica

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

Publicada: 20/5/2026, 20:16:40
Última modificación: 21/5/2026, 15:19:30

Referencias

InicioEventosBlogRecursosEquipo