cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11423,https://securityvulnerability.io/vulnerability/CVE-2024-11423,Unauthorized Data Modification in WooCommerce Gift Card Plugin by WordPress,"The Ultimate Gift Cards for WooCommerce plugin facilitates the creation and management of digital gift cards for e-commerce sites. However, a security flaw exists due to the absence of proper capability checks on multiple REST API endpoints (such as /wp-json/gifting/recharge-giftcard). This vulnerability enables attackers without authentication to alter gift card balances, recharge gift cards without payment, and unlawfully reduce gift card values, posing significant risks to both merchants and customers.",Wordpress,"Gift Cards For WooCommerce Pro,Ultimate Gift Cards For WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, And Use Advance Coupons With Personalized Templates",7.5,HIGH,0.000539999979082495,false,,false,false,true,true,false,false,2025-01-08T11:09:24.799Z,0
CVE-2024-1857,https://securityvulnerability.io/vulnerability/CVE-2024-1857,Sensitive Information Exposure in The Ultimate Gift Cards for WooCommerce Plugin,"The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.",Wordpress,"Ultimate Gift Cards For WooCommerce – Create, Redeem & Manage Digital Gift Certificates With Personalized Templates",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-16T08:37:16.003Z,0
CVE-2021-4391,https://securityvulnerability.io/vulnerability/CVE-2021-4391,Cross-Site Request Forgery in Ultimate Gift Cards for WooCommerce Plugin by WordPress,"The Ultimate Gift Cards for WooCommerce plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to improper nonce validation in the mwb_wgm_save_post() function. This allows unauthenticated attackers to exploit the vulnerability by tricking an authenticated user, such as a site administrator, into executing malicious actions, potentially altering gift card product details through a crafted request.",Wordpress,"Ultimate Gift Cards For WooCommerce – Create, Redeem & Manage Digital Gift Certificates With Personalized Templates",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2023-07-01T04:26:49.143Z,0