CVE-2022-45359

WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload

Basic Information

CVE State: PUBLISHED
Reserved Date: November 14, 2022
Published Date: December 06, 2022
Last Updated: February 20, 2025
Vendor: YITH
Product: YITH WooCommerce Gift Cards
Description: Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score: 17.43% (Percentile: 94.68%) as of 2025-05-12

SSVC Information

Exploitation: none
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-12-22 09:23:55 UTC) Source

References

https://patchstack.com/database/vulnerability/yith-woocommerce-gift-cards-premium/wordpress-yith-woocommerce-gift-cards-premium-plugin-3-19-0-unauth-arbitrary-file-upload-vulnerability?_s_id=cve

Known Exploited Vulnerability Information

Source	Added Date
Wordfence	2022-12-22 09:23:55 UTC

Timeline

CVE ID Reserved

November 14, 2022
CVE Published to Public

December 06, 2022
Added to KEVIntel

December 22, 2022