CVE-2020-35627

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
woocommercegift_cards
3.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6
https://makewebbetter.com/product/giftware-woocommerce-gift-cards/
https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6
https://makewebbetter.com/product/giftware-woocommerce-gift-cards/