SQL Injection Vulnerability in Gift Vouchers Plugin for WordPress
CVE-2018-16159

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Gift Vouchers
Vendor: CVE Published:; 30 August 2018

Summary

The Gift Vouchers plugin, utilized by numerous WordPress sites, contains a vulnerability that allows an attacker to execute SQL injection attacks through the template_id parameter when making a request to wp-admin/admin-ajax.php with the wpgv_doajax_front_template action. This could lead to unauthorized access to sensitive data within the database, potentially compromising the integrity and confidentiality of user information and website operations.

References

https://wpvulndb.com/vulnerabilities/9117

x_refsource_MISC

https://www.exploit-db.com/exploits/45255/

exploitx_refsource_EXPLOIT-DB

EPSS Score

69% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2018
Vulnerability Reserved
Aug 30, 2018