Is CVE-2023-28662 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gift Cards (Gift Vouchers And Packages) Wordpress Plugin

Q: What is CVE-2023-28662?

CVE-2023-28662 is a vulnerability in Gift Cards (Gift Vouchers And Packages) Wordpress Plugin. Published 2023-03-22.

CVE-2023-28662

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.

EPSS: 0.743 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a Gift Cards (Gift Vouchers And Packages) Wordpress Plugin — versions <= 4.3.1

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
JoshuaMart/JoshuaMart

References

www.tenable.com/security/research/tra-2023-2

Frequently asked questions

What is CVE-2023-28662?: CVE-2023-28662 is a vulnerability in Gift Cards (Gift Vouchers And Packages) Wordpress Plugin. Published 2023-03-22.
Is CVE-2023-28662 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.