WordPress · Woocommerce Ultimate Gift Card · CVE-2025-5103
**Name of the Vulnerable Software and Affected Versions**
Ultimate Gift Cards for WooCommerce plugin for WordPress versions prior to 3.1.5
**Description**
The issue is related to boolean-based SQL Injection via the `default price` and `product id` parameters. This is due to insufficient escaping of user-supplied parameters and lack of preparation on existing SQL queries. Authenticated attackers with Administrator-level access or higher can append additional SQL queries to existing ones, potentially extracting sensitive information from the database.
**Recommendations**
For versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `default price` and `product id` parameters to minimize the risk of exploitation.