What the vulnerability does
01Description
Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce woo-giftcards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Cards for WooCommerce: from n/a through <= 1.5.8.
Explanation of Vulnerability in Simple Terms
02Summary
Gift Cards for WooCommerce versions 1.5.8 and earlier lack proper authorization checks, allowing authenticated users to modify gift card data they should not have access to. An attacker with a low-privilege account can alter gift card records through direct API or form requests. The vulnerability affects data integrity but does not expose sensitive information or disrupt site availability.
What an attacker can do
03Attacker Capabilities
Modify gift card records belonging to other users or the store.
Potential impact on your site
04Site Impact
Gift card data integrity is at risk; customers' gift card balances or details could be altered by other users.
Conditions required to exploit
05Prerequisites
Attacker must have a valid WooCommerce user account with low-level privileges.
Key dates
06Disclosure timeline
April 1, 2025
CVE published
May 11, 2026
Record updated