CVERadar

CVE-2024-8425

Critical Severity
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.00316/1

CVE-2024-8425: Critical WordPress WooCommerce Ultimate Gift Card Plugin vulnerability allows for arbitrary file uploads. Unauthenticated attackers can exploit insufficient file type validation in versions up to 2.6.0, potentially leading to remote code execution. SOCRadar Vulnerability Risk Score (SVRS) of 84 indicates this is a critical vulnerability requiring immediate action. This flaw, categorized as CWE-434, enables the upload of malicious files to the server, escalating the risk of system compromise. Given that it's tagged as "In The Wild", the likelihood of exploitation is significantly higher, making patching and mitigation a top priority for any site using the affected plugin. The high CVSS score of 9.8 further emphasizes the severity and potential impact of this vulnerability. Failure to address this issue could lead to complete system takeover.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-02-28

2025-03-06

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists
Ajit Jasrotia, 2025-03-03
This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that […] The post ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches
allhackernews.com

CVE-2024-8425 | WP Swings WooCommerce Ultimate Gift Card Plugin up to 2.6.0 on WordPress mwb_wgm_preview_mail unrestricted upload
vuldb.com, 2025-02-28
A vulnerability, which was classified as critical, has been found in WP Swings WooCommerce Ultimate Gift Card Plugin up to 2.6.0 on WordPress. This issue affects the function mwb_wgm_preview_mail. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024

Social Media

CVE-2024-8425 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file.. https://t.co/I8Ovvl9VoD #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
[CVE-2024-8425: CRITICAL] WordPress WooCommerce Ultimate Gift Card plugin (up to v2.6.0) has a severe security flaw allowing attackers to upload arbitrary files, potentially leading to remote code execution. #cybersecurity, #vulnerability https://t.co/uiXDYrEYni https://t.co/mD8Vxuck20

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://codecanyon.net/item/woocommerce-ultimate-gift-card/19191057
[email protected] | https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebffb82-7455-40c9-9ffd-b78e0e73e431?source=cve

CWE Details

CWE ID | CWE Name | Description
CWE-434 | Unrestricted Upload of File with Dangerous Type | The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
