CVE-2025-5103

Name of the Vulnerable Software and Affected Versions Ultimate Gift Cards for WooCommerce plugin for WordPress versions prior to 3.1.5

Description The issue is related to boolean-based SQL Injection via the default price and product id parameters. This is due to insufficient escaping of user-supplied parameters and lack of preparation on existing SQL queries. Authenticated attackers with Administrator-level access or higher can append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations For versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the default price and product id parameters to minimize the risk of exploitation.