WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Description

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

Affected Products

Vendor	Product	Versions
wp swings	gift cards for woocommerce pro	n/a

References

https://patchstack.com/database/wordpress/plugin/giftware/vulnerability/wordpress-gift-cards-for-woocommerce-pro-plugin-4-2-6-arbitrary-file-upload-vulnerability?_s_id=cve(vdb-entry)

Related News (1 articles)

Tier C

VulDB14h ago

CVE-2026-45444 | WP Swings Gift Cards for WooCommerce Pro Plugin up to 4.2.6 on WordPress unrestricted upload

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-434

PublishedMay 20, 2026

Last enriched14h agov2

Trending Score93

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 14h ago

v2Tier C14h ago

Updated exploit availability to false and marked the vulnerability as actively exploited.

activelyExploited

via VulDB

v115h ago

Initial creation