CVE-2026-45444

WP Swings · Gift Cards For WooCommerce Pro

The WP Swings Gift Cards For WooCommerce Pro plugin allows unauthenticated users to upload malicious files, leading to potential site compromise.

Executive summary

An unrestricted file upload vulnerability in the Gift Cards For WooCommerce Pro plugin allows attackers to execute arbitrary code on the host server.

Vulnerability

This is an unrestricted file upload vulnerability. The plugin fails to properly validate the file types being uploaded, allowing an attacker to upload executable scripts (e.g., PHP files) to the server.

Business impact

By uploading malicious files, an attacker can achieve remote code execution, leading to complete takeover of the web server. With a CVSS score of 10.0, this represents a critical threat to the security and data privacy of the WooCommerce environment.

Remediation

Immediate Action: Update the Gift Cards For WooCommerce Pro plugin to the latest version.

Proactive Monitoring: Scan the site's upload directories for suspicious files and review server logs for unusual POST requests or file access.

Compensating Controls: Implement file upload restrictions at the web server level to block executable file extensions (e.g., .php, .phtml) in sensitive directories.
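
The upload-directory scan from the Proactive Monitoring step, as an added Python example (not code from the vendor or from this advisory): it flags files by executable extension, by an executable extension placed before the final suffix, and by a PHP open tag in the first bytes of the file. The extensions beyond .php and .phtml, the override file names, and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# .php and .phtml come from the advisory; the other extensions are an assumption
# about what a PHP handler may be mapped to on a given server.
EXEC_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}
PHP_MARKERS = (b"<?php", b"<?=")
OVERRIDE_FILES = {".htaccess", ".user.ini"}  # assumption: can change per-directory handling

def scan_uploads(root, head_bytes=4096):
    """Return sorted (relative_path, reason) leads for manual review under root."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffixes = [s.lower() for s in path.suffixes]
        if path.name.lower() in OVERRIDE_FILES:
            findings.append((rel, "per-directory override file"))
        elif suffixes and suffixes[-1] in EXEC_EXTS:
            findings.append((rel, "executable extension"))
        elif any(s in EXEC_EXTS for s in suffixes):
            findings.append((rel, "executable extension before final suffix"))
        else:
            try:
                with path.open("rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if any(marker in head for marker in PHP_MARKERS):
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)

def scan_sample():
    """Build a constructed upload tree in a temp dir and scan it."""
    samples = {
        "2026/05/card-photo.jpg": b"\xff\xd8\xff\xe0JFIF",
        "2026/05/template.php": b"<?php /* constructed sample */",
        "2026/05/logo.phtml.png": b"\x89PNG\r\n",
        "2026/05/avatar.gif": b"GIF89a<?php /* constructed sample */",
        ".htaccess": b"# constructed sample\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_uploads(tmp)
```

Point `scan_uploads` at the site's real upload directory (wp-content/uploads on a default WordPress install); hits are leads for review, not verdicts, since an upload directory can legitimately contain a hardening .htaccess.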

Exploitation status

Public Exploit Available: false

Analyst recommendation

Immediate patching is required to mitigate this critical vulnerability. Administrators should also perform a forensic review to ensure that no malicious files have already been uploaded and executed.