CVE-2026-45444
Deferred Deferred - Pending Action
Unrestricted File Upload in Gift Cards For WooCommerce Pro

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-45444
EUVD
EUVD-2026-31149
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wp_swings gift_cards_for_woocommerce_pro to 4.2.6 (inc)
wp_swings gift_cards_for_woocommerce_pro From 4.2.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45444 is an Arbitrary File Upload vulnerability in the WordPress Gift Cards For WooCommerce Pro Plugin, specifically versions 4.2.6 and below.

This flaw allows unauthenticated attackers to upload malicious files, including backdoors, to the affected website.

Because of this, attackers can gain further unauthorized access to the compromised site.

Impact Analysis

This vulnerability has a critical impact with a CVSS score of 10, indicating extreme danger and a high likelihood of exploitation.

If exploited, attackers can upload malicious files such as backdoors, which can lead to full site compromise.

This can result in unauthorized access, data theft, defacement, or use of the site for malicious purposes.

Immediate mitigation or updating the plugin is advised to prevent such impacts.

Detection Guidance

The vulnerability allows unauthenticated attackers to upload malicious files, including backdoors, to the affected WordPress plugin. Detection would involve monitoring for unexpected file uploads or suspicious files within the plugin's upload directories.

Specific commands or detection methods are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule to block attacks targeting this vulnerability until an official patch is released.

Updating the Gift Cards For WooCommerce Pro plugin to a version beyond 4.2.6, once available, is advised.

Seeking assistance from your hosting provider or a developer to implement temporary protections or monitoring is also recommended.

Compliance Impact

The vulnerability allows unauthenticated attackers to upload malicious files, including backdoors, which can lead to unauthorized access and potential data breaches.

Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

Failure to address this vulnerability could result in violations of these regulations due to inadequate security controls and potential exposure of protected data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45444. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart