Skip to main content

Gift4U

1 CVEs product

Monthly

CVE-2026-54809 CRITICAL Act Now

Blind SQL injection in the VillaTheme GIFT4U WordPress plugin (versions through 1.0.10) allows remote unauthenticated attackers to inject arbitrary SQL into backend queries via unsanitized user input. The CVSS 9.3 score reflects a scope-changed impact with high confidentiality loss and partial availability impact, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

SQLi Gift4U
NVD
CVSS 3.1
9.3
EPSS
0.2%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the VillaTheme GIFT4U WordPress plugin (versions through 1.0.10) allows remote unauthenticated attackers to inject arbitrary SQL into backend queries via unsanitized user input. The CVSS 9.3 score reflects a scope-changed impact with high confidentiality loss and partial availability impact, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

SQLi Gift4U
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy