CVE-2023-28662

2023-03-2221:15:18

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023

sql injection

wordpress plugin

gift cards

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.

Affected configurations

NVD

Node

codemenschengift_vouchersRange≤4.3.1wordpress

CPENameOperatorVersion
codemenschen:gift_voucherscodemenschen gift vouchersle4.3.1

CPE	Name	Operator	Version
codemenschen:gift_vouchers	codemenschen gift vouchers	le	4.3.1

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Gift Cards (Gift Vouchers and Packages) WordPress Plugin",
    "versions": [
      {
        "version": "<= 4.3.1",
        "status": "affected"
      }
    ]
  }
]