CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-45444

CVSS 10.0v3.1pub. 2026-05-20upd. 2026-05-21

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) results from the lack of proper verification of the type and content of files uploaded by the plugin. An attacker can upload an executable file (such as a PHP webshell) to the server without the need for authentication, authorization, or user interaction. The network attack vector (AV:N) with no required privileges (PR:N) and no user interaction (UI:N) means that the exploit can be executed remotely by anyone with access to the network.

Impact

An attacker can gain the ability to execute code remotely (RCE) on the server by running an uploaded malicious file, which can lead to complete server takeover, data theft, website content modification, and lateral movement in the hosting infrastructure.

Mitigation & patch

The 'Gift Cards For WooCommerce Pro' plugin should be updated immediately to a version higher than 4.2.6. Detailed information about available patches can be found in the producer's references and in the Patchstack database. Until the update is performed, it is recommended to consider temporarily disabling the plugin.

Who is affected

The 'Gift Cards For WooCommerce Pro' plugin by WP Swings in versions from its inception through 4.2.6 inclusive, running on the WordPress platform with WooCommerce.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References