WooCommerce Ultimate Gift Card 漏洞列表

WooCommerce Ultimate Gift Card 是 WordPress 平台上的一款用于创建、销售和管理礼品卡的插件。该插件在 mwb_wgm_preview_mail 和 mwb_wgm_woocommerce_add_cart_item_data 函数中存在文件类型验证不足的安全缺陷，导致未授权攻击者可上传任意文件至服务器。此漏洞可能被利用实现远程代码执行，从而完全控制受影响网站。由于该漏洞利用门槛低且危害严重，建议所有使用该插件的网站立即升级至最新版本。

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.