Wpswings

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-5103 1Wpswings 1Ultimate Gift Cards For Woocommerce Jul 10, 2025 Jun 3, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficien...Show more The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2024-13724 1Wpswings 1Wallet System For Woocommerce Mar 4, 2025 Mar 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2...Show more The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.Show less
CVE-2024-13682 1Wpswings 1Wallet System For Woocommerce Mar 4, 2025 Mar 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This...Show more The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in class-wallet-user-table.php. This makes it possible for unauthenticated attackers to modify wallet balances via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-8425 1Wpswings 1Woocommerce Ultimate Gift Card Apr 8, 2026 Feb 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' function...Show more The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this may have been patched on an older version than 2.9.2, however, we do not have access to older versions of the software to confirm when the patch was added. The only patched version we have confirmed is 2.9.3.Show less
CVE-2024-13692 1Wpswings 1Return Refund And Exchange For Woocommerce Feb 25, 2025 Feb 14, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and...Show more The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to overwrite linked refund image attachments, overwrite refund request message, overwrite order messages, and read order messages of other users.Show less
CVE-2024-13641 1Wpswings 1Return Refund And Exchange For Woocommerce Feb 25, 2025 Feb 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and in...Show more The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds.Show less
CVE-2023-27608 1Wpswings 1Points And Rewards For Woocommerce Apr 28, 2026 Mar 25, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.
CVE-2024-25100 1Wpswings 1Coupon Referral Program Apr 28, 2026 Feb 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.
CVE-2023-52190 1Wpswings 1Coupon Referral Program Apr 28, 2026 Jan 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.
CVE-2021-4391 1Wpswings 1Ultimate Gift Cards For Woocommerce Apr 8, 2026 Jul 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_p...Show more The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-4321 1Wpswings 1Pdf Generator For Wordpress Mar 26, 2025 Feb 6, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
CVE-2022-4395 1Wpswings 1Membership For Woocommerce Mar 27, 2025 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
CVE-2022-4426 1Wpswings 1Mautic Integration For Woocommerce Apr 9, 2025 Jan 9, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to...Show more The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.Show less
CVE-2022-4047 1Wpswings 1Return Refund And Exchange For Woocommerce Apr 14, 2025 Dec 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbit...Show more The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCEShow less