CVE-2026-45444

CRITICAL EXPLOITED

WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Title source: cna

Exploitation Summary

CVE-2026-45444 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/wordpress/plugin/giftware/vulnerability/wordpress-gift-cards-for-woocommerce-pro-plugin-4-2-6-arbitrary-file-upload-vulnerability?_s_id=cve

Scores

CVSS v3 10.0

EPSS 0.0029

EPSS Percentile 20.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-05-20

CWE

CWE-434

Status published

Products (1)

WP Swings/Gift Cards For WooCommerce Pro < 4.2.6

Published May 20, 2026

Tracked Since May 21, 2026