YITH WooCommerce Gift Cards Premium, a WordPress plugin used on more than 50,000 websites, has a serious security hole that hackers are actively attempting to exploit. Unauthenticated attackers can upload files to susceptible websites, including web shells that give full site access, by taking advantage of the vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8).
The vulnerability, CVE-2022-45359, which affects all plugin versions up to 3.19.0, was made public on November 22, 2022. Version 3.20.0 of the vendor’s security update was the one that fixed the issue, however version 3.21.0 is now the suggested upgrade target.