PT-2024-18366 · WordPress · The Ultimate Gift Cards For Woocommerce
Krzysztof Zając
·
Published
2024-03-16
·
Updated
2024-03-17
·
CVE-2024-1857
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress versions up to, and including, 2.6.6
Description
The issue allows unauthenticated attackers to read password-protected and draft posts that may contain sensitive data via the
wps wgm preview email template() function. This makes it possible for attackers to expose sensitive information.Recommendations
For versions up to, and including, 2.6.6, consider disabling the
wps wgm preview email template() function until a patch is available to prevent unauthenticated attackers from reading sensitive data.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Ultimate Gift Cards For Woocommerce