Arbitrary File Upload Vulnerability in WP Swings Gift Cards For WooCommerce Pro
CVE-2026-45444

10CRITICAL

Key Information:

Vendor: WordPress
Status: Gift Cards For WooCommerce Pro
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-45444?

The WP Swings Gift Cards For WooCommerce Pro plugin has a vulnerability that allows unauthorized users to upload files of malicious types. This can lead to severe security risks, allowing attackers to execute harmful scripts or obtain sensitive data by leveraging the plugin's functionalities. Websites utilizing affected versions of this plugin must take immediate action to mitigate potential threats posed by this vulnerability.

Affected Version(s)

Gift Cards For WooCommerce Pro <= 4.2.6

References

https://patchstack.com/database/wordpress/plugin/giftware...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 12, 2026

Credit

Joe Bruno, Principal Security Engineer | Monarx

Patchstack

CVE-2026-45444 Data

JSON

WordPress

What is CVE-2026-45444?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit