Vulnerabilities > Giftup > Gift UP Gift Cards FOR Wordpress AND Woocommerce > 1.3.6

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-15	CVE-2023-49744	Cross-Site Request Forgery (CSRF) vulnerability in Giftup Gift UP Gift Cards for Wordpress and Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3. network low complexity giftup CWE-352	8.8
2023-11-07	CVE-2023-5703	Cross-site Scripting vulnerability in Giftup Gift UP Gift Cards for Wordpress and Woocommerce The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity giftup CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.