CVE-2024-13520
📋 TL;DR
This vulnerability lets unauthenticated attackers modify gift voucher values, expiration dates and notes on WordPress sites running the Gift Cards (Gift Vouchers and Packages) plugin. The voucher-editing handler in include/edit-order-voucher.php can be reached and acted on without any login, so every site running version 4.4.6 or earlier is affected. Attackers can manipulate gift card data without any authentication.
💻 Affected Systems
- Gift Cards (Gift Vouchers and Packages) WordPress plugin (slug: gift-voucher), versions 4.4.6 and earlier; fixed in 4.4.7
📦 What is this software?
Gift Vouchers by Codemenschen
⚠️ Risk & Real-World Impact
Worst Case
Attackers could devalue all gift cards to zero, set immediate expiration dates, and add malicious notes, causing complete loss of gift card functionality and financial damage to the business.
Likely Case
Attackers will modify gift card values and expiration dates to steal value or disrupt gift card operations, leading to financial loss and customer service issues.
If Mitigated
Once the plugin is updated to 4.4.7 or the handler is blocked at the web server or WAF, the unauthenticated path is closed. Monitoring voucher changes and web logs for requests to the handler catches abuse that happened before the fix was applied.
🎯 Exploit Status
The vulnerability is simple to exploit: it needs no account or privileges, only ordinary HTTP requests to the vulnerable handler, so anyone who can reach the site can trigger it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.4.7 or later
Vendor Advisory (source of the patched handler): https://plugins.trac.wordpress.org/browser/gift-voucher/trunk/include/edit-order-voucher.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Gift Cards (Gift Vouchers and Packages)'.
4. Click 'Update Now' if available, or download version 4.4.7 or later from the WordPress plugin repository and install it.
5. Confirm the updated plugin is active.
🔧 Temporary Workarounds
Disable the vulnerable endpoint via .htaccess
Platform: Linux/Apache. Block direct access to the vulnerable PHP file with a mod_rewrite rule in the site-root .htaccess, placed before WordPress's own rewrite block. This also blocks legitimate use of the handler until the plugin is updated, so expect voucher editing to fail in the meantime. On nginx, add an equivalent rule that returns 403 for the same path.
RewriteEngine On
RewriteRule ^wp-content/plugins/gift-voucher/include/edit-order-voucher\.php$ - [F,L]
Temporarily disable the plugin
Platform: any. Deactivate the Gift Cards plugin until it can be updated; gift card sales and redemption stop while it is deactivated.
wp plugin deactivate gift-voucher
🧯 If You Can't Patch
- Disable the Gift Cards plugin completely
- Implement web application firewall rules to block requests to /wp-content/plugins/gift-voucher/include/edit-order-voucher.php
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Gift Cards plugin version. If version is 4.4.6 or lower, you are vulnerable.
Check Version:
wp plugin get gift-voucher --field=version
Verify Fix Applied:
Confirm plugin version is 4.4.7 or higher in WordPress admin panel.
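The version check above is easy to get wrong when scripted, because a plain string comparison calls 4.4.10 older than 4.4.7. The following added example (not code from the advisory or from the plugin) reads the "Version:" header that WordPress plugins carry in their main PHP file and compares it numerically against 4.4.7. The header text is constructed, and the main-file path is an assumption to adjust to your install.

```python
"""Decide whether an installed Gift Cards (slug gift-voucher) plugin is below the fixed version.

Added example for this advisory; it is not code from the original page or from
the plugin. It reads the "Version:" header that WordPress plugins carry in their
main PHP file and compares it numerically with 4.4.7, so that 4.4.10 is treated
as newer than 4.4.7 (a plain string comparison would call it vulnerable). The
header text below is constructed, and the main-file path is an assumption.
"""
import re
from pathlib import Path

FIXED_VERSION = "4.4.7"
# Assumed main plugin file; verify the real filename under the plugin directory.
PLUGIN_MAIN_FILE = Path("wp-content/plugins/gift-voucher/gift-voucher.php")

# Matches "Version: 4.4.6" whether or not the header line starts with " * ".
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)

# Constructed plugin header, laid out as WordPress expects at the top of the main file.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Gift Cards (Gift Vouchers and Packages)
 * Version: 4.4.6
 * Author: Codemenschen
 */
"""


def parse_version(header_text):
    """Return the declared plugin version, or None if no Version: header is present."""
    m = HEADER_RE.search(header_text)
    return m.group(1) if m else None


def version_tuple(version):
    """'4.4.10' -> (4, 4, 10); a non-numeric suffix such as '-beta' ends the tuple."""
    out = []
    for part in re.split(r"[.\-]", version):
        if not part.isdigit():
            break
        out.append(int(part))
    return tuple(out)


def is_vulnerable(version):
    """True for every version below the fix, i.e. 4.4.6 and earlier."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def check_plugin_file(path=PLUGIN_MAIN_FILE):
    """(version, vulnerable) for the plugin at `path`, or None if the file or header is absent."""
    p = Path(path)
    if not p.is_file():
        return None
    version = parse_version(p.read_text(encoding="utf-8", errors="replace"))
    if version is None:
        return None
    return version, is_vulnerable(version)


if __name__ == "__main__":
    result = check_plugin_file()
    if result is None:
        print(f"{PLUGIN_MAIN_FILE}: not found or no Version header; plugin may not be installed")
    else:
        version, vuln = result
        state = "VULNERABLE, update to " + FIXED_VERSION if vuln else "patched"
        print(f"gift-voucher {version}: {state}")
```

Run it from the WordPress document root (or pass the real main-file path to check_plugin_file). The numeric comparison is the point: any script that compares version strings lexically will misclassify releases with a two-digit patch number.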
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/plugins/gift-voucher/include/edit-order-voucher.php
- Unusual modifications to gift voucher records in database
Network Indicators:
- POST requests to the voucher-editing handler from clients that show no prior wp-admin activity (web logs rarely record the WordPress login cookie, so correlate by client IP and referer)
- Unusual patterns of gift card value changes
SIEM Query:
source="web_logs" AND method="POST" AND uri="/wp-content/plugins/gift-voucher/include/edit-order-voucher.php*" (the trailing wildcard also matches requests that append a query string; drop it if your platform stores the path and query string in separate fields)
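The log indicators and SIEM query above, applied offline to raw access logs, as an added example that is not part of the original advisory or of the plugin. The script parses Apache/nginx "combined" format lines, matches the vulnerable path regardless of query string, counts hits per client and flags clients whose POSTs carry no wp-admin referer; the referer test is a triage heuristic only, because an attacker controls that header. The log lines are constructed for the demonstration.

```python
"""Scan web-server access logs for requests to the vulnerable Gift Cards handler.

Added example for this advisory; it is not code from the original page or from
the Gift Cards plugin. It parses Apache/nginx "combined" log lines, matches the
vulnerable path regardless of any query string, counts hits per client IP and
flags clients whose POSTs carry no wp-admin referer (a weak heuristic, since the
Referer header is attacker-controlled, but useful for triage). The log lines
below are constructed for the demonstration.
"""
import re
from collections import Counter

VULN_PATH = "/wp-content/plugins/gift-voucher/include/edit-order-voucher.php"

# Combined log format:
# client ident user [time] "METHOD path PROTOCOL" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: two scripted POSTs from one client, one POST from a
# browser session that came from the plugin's admin page, and unrelated noise.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:08:12:01 +0000] "POST /wp-content/plugins/gift-voucher/include/edit-order-voucher.php HTTP/1.1" 200 43 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2025:08:12:02 +0000] "POST /wp-content/plugins/gift-voucher/include/edit-order-voucher.php?voucher=1 HTTP/1.1" 200 43 "-" "python-requests/2.31"
198.51.100.4 - - [10/Jan/2025:08:13:10 +0000] "GET /wp-admin/admin.php?page=gift-voucher HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:08:13:15 +0000] "POST /wp-content/plugins/gift-voucher/include/edit-order-voucher.php HTTP/1.1" 200 43 "https://shop.example/wp-admin/admin.php?page=gift-voucher" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:08:14:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_handler_hit(rec):
    """True if the request targets the vulnerable handler (query string ignored)."""
    return rec["path"].split("?", 1)[0] == VULN_PATH


def scan(log_text):
    """All parsed requests to the vulnerable handler, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_handler_hit(rec):
            hits.append(rec)
    return hits


def hits_per_client(hits):
    """Counter of handler hits keyed by client IP."""
    return Counter(h["ip"] for h in hits)


def clients_without_admin_referer(hits):
    """Clients with at least one POST to the handler that did not come from wp-admin.

    Heuristic only: an attacker can forge the Referer, so a wp-admin referer does
    not clear a client, but its absence on a POST is worth a closer look.
    """
    return sorted({h["ip"] for h in hits
                   if h["method"] == "POST" and "/wp-admin/" not in h["referer"]})


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, n in hits_per_client(found).most_common():
        print(f"{ip}: {n} request(s) to {VULN_PATH}")
    print("review first:", clients_without_admin_referer(found))
```

Feed real logs by replacing SAMPLE_LOG with the file contents; every hit is worth reviewing against the voucher table for the same time window, since the handler should only be used by site staff and the flaw needs no login at all.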
🔗 References
- https://plugins.trac.wordpress.org/browser/gift-voucher/trunk/include/edit-order-voucher.php#L30
- https://plugins.trac.wordpress.org/browser/gift-voucher/trunk/include/edit-order-voucher.php#L5
- https://plugins.trac.wordpress.org/browser/gift-voucher/trunk/include/edit-order-voucher.php#L56
- https://www.wordfence.com/threat-intel/vulnerabilities/id/190a21cd-9716-4a57-a793-63309c339427?source=cve