Aggregates CVE and security vulnerability intelligence across all codemenschen-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-13520 | The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.9. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. | [email protected] | 5.3 | 0.29% | 2025-02-20 | 2026-04-08 |
| CVE-2023-28662 | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | [email protected] | 9.8 | 42.19% | 2023-03-22 | 2025-02-25 |
| CVE-2018-16159 | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | [email protected] | 9.8 | 50.85% | 2018-08-30 | 2024-11-21 |