PatchSiren

Codemenschen CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Codemenschen CVE published 2026-07-13

CVE-2026-57415

CVE-2026-57415 is a Stored Cross-Site Scripting (XSS) vulnerability in the Gift Vouchers plugin for WordPress. The issue affects Gift Vouchers from n/a through version 4.7.0. The vulnerability allows an attacker to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. Administrators and users of the Gift Vouchers plugin for WordPress should be aware of this vu [truncated]

MEDIUM Codemenschen CVE published 2026-07-13

CVE-2026-57412

A Missing Authorization vulnerability exists in Gift Vouchers plugin versions up to 4.6.9. This issue allows for Exploiting Incorrectly Configured Access Control Security Levels, with a CVSS score of 6.5 and a severity of MEDIUM. The vulnerability can be exploited due to incorrectly configured access control security levels. Users of Gift Vouchers plugin versions up to 4.6.9 should review and adjust acces [truncated]