A critical vulnerability in the WordPress plugin YITH WooCommerce Gift Cards, which has over 50,000 worldwide installations. The bug, tracked as CVE-2022-45359, is being actively abused by threat actors. An unauthenticated hacker can upload files to vulnerable sites, completely taking over a compromised site.