CVE-2022-3459

Name of the Vulnerable Software and Affected Versions WooCommerce Multiple Free Gift plugin for WordPress versions up to, and including, 1.2.3

Description The issue arises from the plugin not enforcing server-side checks on the products that can be added as a gift. This allows unauthenticated attackers to add non-gift items to their cart as a gift.

Recommendations For versions up to, and including, 1.2.3, update to a version that enforces server-side checks on gift products to prevent manipulation. As a temporary workaround, consider restricting the types of products that can be added as gifts to minimize the risk of exploitation.