Description
Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server Side Request Forgery (SSRF)
Action: Patch
AI Analysis

Impact

The Gift Up! Gift Cards for WordPress and WooCommerce plugin contains a Server Side Request Forgery (SSRF) flaw (CWE-918). This vulnerability allows a malicious actor to instruct the server to make HTTP requests to arbitrary URLs, which can result in the disclosure of internal network information or the retrieval of sensitive data from other services. The specific consequences depend on the target URL and the server’s network context, and are not detailed in the vendor’s description.

Affected Systems

All releases of the Gift Up! Gift Cards for WordPress and WooCommerce plugin from the initial release through version 3.1.7 inclusive are affected.

Risk and Exploitability

The CVSS base score is 5.4, indicating moderate severity. The EPSS score is below 1%, suggesting a low current likelihood of exploitation. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the SSRF can be triggered via plugin administrative or promotional endpoints that accept user-supplied URLs, enabling remote attackers to send arbitrary outbound requests from the server.

Generated by OpenCVE AI on March 19, 2026 at 16:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Gift Up! plugin to version 3.1.8 or later to remove the SSRF flaw
  • If an immediate update is not possible, disable or delete the plugin to eliminate the attack vector
  • Monitor outgoing network traffic from the web server for unexpected outbound requests that may indicate exploitation attempts
  • Configure the site’s firewall or intrusion detection system to alert on unusual outbound HTTP requests originating from the server

Generated by OpenCVE AI on March 19, 2026 at 16:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Giftup
Giftup gift Up Gift Cards For Wordpress And Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Giftup
Giftup gift Up Gift Cards For Wordpress And Woocommerce
Wordpress
Wordpress wordpress

Sun, 15 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.
Title WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability
Weaknesses CWE-918
References

Subscriptions

Giftup Gift Up Gift Cards For Wordpress And Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:12.372Z

Reserved: 2026-03-12T11:11:19.857Z

Link: CVE-2026-32412

cve-icon Vulnrichment

Updated: 2026-03-13T18:25:51.061Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:58.203

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32412

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:50Z

Weaknesses