CVE-2024-1857
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/03/2024
Last modified:
08/04/2026
Description
The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
References to Advisories, Solutions, and Tools
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3046745%40woo-gift-cards-lite&new=3046745%40woo-gift-cards-lite
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3046745%40woo-gift-cards-lite&new=3046745%40woo-gift-cards-lite
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=cve