CVE-2018-16159

CRITICAL EXPLOITED NUCLEI

Gift Vouchers < 2.0.1 - SQL Injection via template_id Parameter

Title source: llm

Exploitation Summary

CVE-2018-16159 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Renos Nikolaou. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a proof-of-concept for a blind SQL injection vulnerability in the WordPress Plugin Gift Voucher 1.0.5, targeting the 'template_id' parameter. The exploit demonstrates a time-based SQL injection using the 'sleep' function.

Description

The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Renos Nikolaou · textwebappsphp

https://www.exploit-db.com/exploits/45255

View Code ZIP pw:eip

This is a proof-of-concept for a blind SQL injection vulnerability in the WordPress Plugin Gift Voucher 1.0.5, targeting the 'template_id' parameter. The exploit demonstrates a time-based SQL injection using the 'sleep' function.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Gift Voucher 1.0.5

No auth needed

Prerequisites: Access to the target WordPress site with the vulnerable plugin installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress Gift Voucher <4.1.8 - Blind SQL Injection

CRITICALVERIFIEDby theamanrawat

Shodan: http.html:"/wp-content/plugins/gift-voucher/"

FOFA: body="/wp-content/plugins/gift-voucher/"

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://wpvulndb.com/vulnerabilities/9117

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45255/

Scores

CVSS v3 9.8

EPSS 0.5085

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-26

CWE

CWE-89

Status published

Products (1)

codemenschen/gift_vouchers < 2.0.1

Published Aug 30, 2018

Tracked Since Feb 18, 2026