Gift Up Gift Cards for WordPress and WooCommerce Security & Risk Analysis

wordpress.org/plugins/gift-up

The simplest way to sell gift cards online. Sell your own gift cards, gift certificates and gift vouchers from inside your WordPress website easily wi …

5K active installs · v3.2 · PHP 5.6+ · WP 3.0.1+ · Updated Feb 25, 2026
Tags: gift-cards, gift-certificate, gift-certificates, gift-vouchers, woocommerce
99 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Dec 4, 2023
Safety Verdict

Is Gift Up Gift Cards for WordPress and WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Gift Up Gift Cards for WordPress and WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 4, 2023 · Updated 1mo ago
Risk Assessment

The "gift-up" plugin v3.2 presents a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with only one shortcode entry point and no unprotected AJAX or REST API endpoints. The code demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks on several fronts. However, a significant concern is the 21% of output that is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed.

The taint analysis shows one flow with unsanitized paths, which, while not classified as critical or high, still represents a potential risk for path traversal or unauthorized file access if not properly mitigated within the plugin's logic. The vulnerability history is a major red flag, with a total of three known CVEs, all classified as medium severity. While currently none are unpatched, the past occurrence of CSRF and XSS vulnerabilities suggests a recurring pattern of input validation and authorization issues within the plugin's development.

In conclusion, "gift-up" v3.2 has strengths in its limited attack surface and use of prepared statements. Nevertheless, the unescaped output, the identified taint flow, and the history of medium severity vulnerabilities, particularly those related to XSS and CSRF, necessitate caution. Developers should prioritize addressing the unescaped output and thoroughly review the logic handling unsanitized paths. Continued vigilance and prompt patching of any future vulnerabilities are crucial.

Key Concerns

  • Medium severity CVEs in history
  • Unescaped output detected
  • Taint flow with unsanitized paths
Vulnerabilities
3

Gift Up Gift Cards for WordPress and WooCommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2023

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2023-49744 · medium · 5.3 · Cross-Site Request Forgery (CSRF)

Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post

Dec 4, 2023 · Patched in 2.22 (50d)

WF-95abec2d-a03a-4b07-8890-18568650c41f-gift-up · medium · 5.3 · Cross-Site Request Forgery (CSRF)

Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post

Dec 1, 2023 · Patched in 2.22 (53d)

CVE-2023-5703 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Nov 3, 2023 · Patched in 2.20.2 (81d)
Code Analysis
Analyzed Mar 16, 2026

Gift Up Gift Cards for WordPress and WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 27 (102 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Output Escaping

79% escaped · 129 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
<class-giftup-woocommerce> (includes\class-giftup-woocommerce.php:0)
Attack Surface

Gift Up Gift Cards for WordPress and WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[giftup] giftup.php:205
WordPress Hooks 31
action · plugins_loaded · giftup.php:88
action · init · giftup.php:112
action · before_woocommerce_init · giftup.php:129
action · before_woocommerce_init · giftup.php:132
action · init · giftup.php:134
filter · loco_compile_single_json · giftup.php:184
filter · load_script_translation_file · giftup.php:185
action · init · includes\class-giftup-settings.php:13
action · admin_menu · includes\class-giftup-settings.php:24
action · admin_notices · includes\class-giftup-settings.php:30
action · init · includes\class-giftup-woocommerce-block.php:14
action · woocommerce_blocks_cart_block_registration · includes\class-giftup-woocommerce-block.php:23
action · woocommerce_blocks_checkout_block_registration · includes\class-giftup-woocommerce-block.php:30
filter · wdp_calculate_totals_hook_priority · includes\class-giftup-woocommerce.php:24
action · woocommerce_after_calculate_totals · includes\class-giftup-woocommerce.php:27
action · woocommerce_order_after_calculate_totals · includes\class-giftup-woocommerce.php:28
action · woocommerce_cart_totals_before_order_total · includes\class-giftup-woocommerce.php:31
action · woocommerce_review_order_before_order_total · includes\class-giftup-woocommerce.php:34
action · woocommerce_checkout_create_order · includes\class-giftup-woocommerce.php:37
action · woocommerce_store_api_checkout_order_processed · includes\class-giftup-woocommerce.php:40
action · woocommerce_cart_emptied · includes\class-giftup-woocommerce.php:43
action · woocommerce_cart_item_removed · includes\class-giftup-woocommerce.php:44
action · woocommerce_pre_payment_complete · includes\class-giftup-woocommerce.php:47
action · woocommerce_order_status_processing · includes\class-giftup-woocommerce.php:48
action · woocommerce_order_status_pre-ordered · includes\class-giftup-woocommerce.php:49
action · woocommerce_order_status_completed · includes\class-giftup-woocommerce.php:50
action · woocommerce_payment_complete · includes\class-giftup-woocommerce.php:51
action · wp_footer · includes\class-giftup-woocommerce.php:54
action · wp_enqueue_scripts · includes\class-giftup-woocommerce.php:56
action · woocommerce_admin_order_totals_after_tax · includes\class-giftup-woocommerce.php:64
filter · woocommerce_get_order_item_totals · includes\class-giftup-woocommerce.php:67
Maintenance & Trust

Gift Up Gift Cards for WordPress and WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 5.6
Downloads: 208K

Community Trust

Rating: 98/100
Number of ratings: 233
Active installs: 5K
Developer Profile

Gift Up Gift Cards for WordPress and WooCommerce Developer Profile

Gift Up!

1 plugin · 5K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 61 days
Detection Fingerprints

How We Detect Gift Up Gift Cards for WordPress and WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gift-up/blocks/build/checkout-block/giftup-checkout-block-integration.php
/wp-content/plugins/gift-up/view/giftup-checkout.php
/wp-content/plugins/gift-up/includes/class-giftup-cache.php
/wp-content/plugins/gift-up/includes/class-giftup-api.php
/wp-content/plugins/gift-up/includes/class-giftup-options.php
/wp-content/plugins/gift-up/includes/class-giftup-settings.php
/wp-content/plugins/gift-up/includes/class-giftup-diagnostics.php
/wp-content/plugins/gift-up/includes/class-giftup-woocommerce.php

HTML / DOM Fingerprints

Shortcode Output
[giftup]