Primary

Context

Ultimate Gift Cards for WooCommerce Missing Authorization Vulnerability Allowing Unauthorized Balance Modifications

Vulnerability

Patched

A vulnerability exists in the Ultimate Gift Cards for WooCommerce plugin, specifically in versions through 3.0.6. The issue arises from several REST API endpoints lacking proper capability checks, which enables unauthenticated users to manipulate gift card balances. Exploitation of this vulnerability allows for recharging gift cards without payment and reducing gift card values without any purchase.

Impact

Exploitation of this vulnerability could lead to unauthorized gift card balance modifications, allowing users to gain credits without payment or reduce balances without making a purchase.

Remediation

Users are advised to update the Ultimate Gift Cards for WooCommerce plugin to version 3.0.7 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ultimate Gift Cards for WooCommerce Missing Authorization Vulnerability Allowing Unauthorized Balance Modifications

Vulnerability

Impact

Remediation

Affected Products

WP Swings Ultimate Gift Cards for WooCommerce

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating