Data Modification Vulnerability in WooCommerce Gift Cards Plugin
CVE-2024-13520

5.3MEDIUM

Key Information:

Vendor
WordPress
Status
Gift Cards (gift Vouchers And Packages) (WooCommerce Supported)
Vendor
CVE Published:
20 February 2025

Summary

The Gift Cards (Gift Vouchers and Packages) plugin for WordPress is susceptible to unauthorized data modifications due to inadequate capability checks in critical functions. Specifically, functions like 'update_voucher_price', 'update_voucher_date', and 'update_voucher_note' lack proper authentication measures, enabling unauthenticated attackers to alter gift voucher details. This vulnerability affects all versions up to and including 4.4.6, allowing potential exploitation that could lead to data loss or unauthorized changes in voucher values and expiration settings.

Affected Version(s)

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) * <= 4.4.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/gift-voucher/t...
https://plugins.trac.wordpress.org/browser/gift-voucher/t...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tieu Pham Trong Nhan
.