CVSS 10.0CVSS 10.0 · CRITICAL
CVE-2026-45444
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
Ver en NVDAnálisis
A critical unrestricted file upload vulnerability in the Gift Cards For WooCommerce Pro WordPress plugin allows attackers to upload and execute malicious files. This can lead to complete remote code execution and full server compromise for sites using this plugin version 4.2.6 or earlier.
Severidad
Puntaje: 10.0(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE):
CWE-434EPSS
Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 13.0%
EPSS: 2026-05-21
Descripción técnica
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
Publicada: 20/5/2026, 20:16:40
Última modificación: 21/5/2026, 15:19:30