cleantalk
Vulnerabilities and Security Researches

WooCommerce Multiple Free Gift, CVE-2022-3459

CVE, Research URL

CVE-2022-3459

Home page URL

Security reports for WooCommerce Multiple Free Gift

Application

WooCommerce Multiple Free Gift

Published on
Sep 14, 2024
Research Description
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add non-gift items to their cart as a gift.
Affected versions
Min -, max 1.2.3.
Status
vulnerable
Previous vulnerability researches
WooCommerce Multiple Free Gift (CVE-2022-3459) , Sep 15, 2024
New vulnerability
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! , Aug 08, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025