CVE-2018-16159

Name of the Vulnerable Software and Affected Versions The Gift Vouchers plugin versions prior to 2.0.2

Description The issue allows SQL Injection via the template id parameter in a "wp-admin/admin-ajax.php" wpgv doajax front template request. This could potentially lead to unauthorized access to sensitive data.

Recommendations For The Gift Vouchers plugin versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/admin-ajax.php endpoint to minimize the risk of exploitation. Avoid using the template id parameter in the affected API endpoint until the issue is resolved.