CVE-2021-4391 (ultimate_gift_cards_for_woocommerce)

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

attackers card cross-site cross-site request forgery cve forgery function gift card gift cards missing nonce plugin product request validation vulnerable woocommerce wordpress