WordPress Plugin Vulnerabilities

Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates < 2.6.7 - Missing Authorization to Unauthenticated Information Exposure

Description

The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.

Affects Plugins

Plugin icon
woo-gift-cards-lite
Fixed in 2.6.7

References

CVE
CVE-2024-1857
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
a4e9b2a9-93c2-4655-ad2a-bca983be10de

Timeline

Publicly Published
2024-03-15 (about 2 years ago)
Added
2024-03-15 (about 2 years ago)
Last Updated
2024-03-15 (about 2 years ago)

Other

Published
Title
Published
2023-10-18
Title
Headline Analyzer < 1.3.2 - Missing Authorization via REST APIs
Published
2024-04-02
Title
ShortPixel Adaptive Images < 3.8.3 - Missing Authorization in activate_ai_handler and deactivate_ai_handler
Published
2026-05-09
Title
AI Product Search for WooCommerce – Motive Commerce Search < 1.38.3 - Missing Authorization
Published
2025-02-17
Title
Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2025-12-19
Title
Pretty Google Calendar < 2.0.1 - Missing Authorization to Unauthenticated Google API Key Exposure