CVE-2025-5103: 
WordPress vulnerability analysis and mitigation

The Ultimate Gift Cards for WooCommerce plugin for WordPress contains a boolean-based SQL Injection vulnerability (CVE-2025-5103) affecting versions up to and including 3.1.4. The vulnerability exists in the 'defaultprice' and 'productid' parameters due to insufficient escaping of user-supplied parameters and inadequate SQL query preparation (NVD).

The vulnerability is classified as an SQL Injection (CWE-89) that allows authenticated attackers with Administrator-level access to append additional SQL queries to existing queries. This can be exploited to extract sensitive information from the database. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows authenticated attackers with Administrator-level access to potentially extract sensitive information from the database through SQL injection techniques. The CVSS score indicates high confidentiality impact but no impact on integrity or availability (NVD).

The vulnerability has been fixed in version 3.1.5 of the Ultimate Gift Cards for WooCommerce plugin. Users should update to this version or later to mitigate the vulnerability (WordPress Plugin).