Hackers exploit bug in WordPress gift card plugin with 50K installs
Exploiting the vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), allows unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full access to the site.