Critical Severity vulnerability in YITH WooCommerce Gift Cards Premium

Critical Severity vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000 installations according to the vendor.

The vulnerability, reported by security researcher Dave Jong and publicly disclosed on November 22, 2022, impacts plugin versions up to and including 3.19.0 and allows unauthenticated attackers to upload executable files to WordPress sites running a vulnerable version of the plugin. This allows attackers to place a back door, obtain Remote Code Execution, and take over the site.

All customers using our Piece of Mind plan are protected against exploits targeting this vulnerability. We highly recommend updating to the latest version of the plugin, or contact our team to sign up for the piece of mind plan.