CVE-2026-45444
Unrestricted File Upload in Gift Cards For WooCommerce Pro
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_swings | gift_cards_for_woocommerce_pro | to 4.2.6 (inc) |
| wp_swings | gift_cards_for_woocommerce_pro | From 4.2.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45444 is an Arbitrary File Upload vulnerability in the WordPress Gift Cards For WooCommerce Pro Plugin, specifically versions 4.2.6 and below.
This flaw allows unauthenticated attackers to upload malicious files, including backdoors, to the affected website.
Because of this, attackers can gain further unauthorized access to the compromised site.
How can this vulnerability impact me?
This vulnerability has a critical impact with a CVSS score of 10, indicating extreme danger and a high likelihood of exploitation.
If exploited, attackers can upload malicious files such as backdoors, which can lead to full site compromise.
This can result in unauthorized access, data theft, defacement, or use of the site for malicious purposes.
Immediate mitigation or updating the plugin is advised to prevent such impacts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability allows unauthenticated attackers to upload malicious files, including backdoors, to the affected WordPress plugin. Detection would involve monitoring for unexpected file uploads or suspicious files within the plugin's upload directories.
Specific commands or detection methods are not provided in the available resources.
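One way to run the file check described above, as an added example that is not from the advisory or the plugin vendor: it flags files under an uploads tree that a web server could run as PHP. The function names are hypothetical, and the `wp-content/uploads` path in the usage comment is the WordPress default and an assumption, since the page does not name the directory this plugin writes to.

```shell
#!/bin/sh
# Added example: flag files in a WordPress uploads tree that may execute as PHP.
# Usage (path is an assumption): sh scan_uploads.sh /var/www/html/wp-content/uploads

# Files whose NAME carries a PHP-handler extension, including double
# extensions such as card.php.jpg that some server configs still execute.
scan_exec_names() {
  find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
    -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) -print
}

# Files with a non-script name whose CONTENT holds a PHP open tag,
# e.g. a script saved with an image extension. -a reads binaries as text.
scan_php_content() {
  find "$1" -type f ! -iname '*.php' ! -iname '*.phtml' ! -iname '*.phar' \
    -exec grep -liaF -- '<?php' {} +
}

# Print the de-duplicated findings; return 1 if anything was flagged,
# 0 if the tree is clean, so the check can drive a cron alert.
scan_uploads() {
  _hits=$( { scan_exec_names "$1"; scan_php_content "$1"; } | sort -u )
  if [ -z "$_hits" ]; then
    return 0
  fi
  printf '%s\n' "$_hits"
  return 1
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
  scan_uploads "$1"
fi
```

Every hit needs manual review before deletion: compare against a known-good backup and check the file's modification time against web server access logs.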
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack mitigation rule to block attacks targeting this vulnerability until an official patch is released.
Updating the Gift Cards For WooCommerce Pro plugin to a version beyond 4.2.6, once available, is advised.
Seeking assistance from your hosting provider or a developer to implement temporary protections or monitoring is also recommended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to upload malicious files, including backdoors, which can lead to unauthorized access and potential data breaches.
Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.
Failure to address this vulnerability could result in violations of these regulations due to inadequate security controls and potential exposure of protected data.