Yith Woocommerce Gift Cards

yith_woocommerce_gift_cards

Vendor: Yithemes • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45359 1Yithemes 1Yith Woocommerce Gift Cards Nov 21, 2024 Dec 6, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.
CVE-2021-3120 1Yithemes 1Yith Woocommerce Gift Cards Nov 21, 2024 Feb 22, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context...Show more An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.Show less
CVE-2019-16251 1Yithemes 38Yith Advanced Refund System For Woocommerce Yith Color And Label Variations For WoocommerceYith Custom Thank You Page For Woocommerce+35 more Jun 17, 2026 Oct 31, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.