CVE-2024-13520

Name of the Vulnerable Software and Affected Versions The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress versions up to, and including, 4.4.6

Description The issue concerns unauthorized modification of data or loss of data due to a missing capability check on the update voucher price, update voucher date, and update voucher note functions. This allows unauthenticated attackers to update the value, expiration date, and user note for any gift voucher.

Recommendations For versions up to, and including, 4.4.6, update to a version higher than 4.4.6 to resolve the issue. As a temporary workaround, consider disabling the update voucher price, update voucher date, and update voucher note functions until a patch is available. Restrict access to the gift voucher management interface to minimize the risk of exploitation.