Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Security & Risk Analysis

wordpress.org/plugins/gift-voucher

Let your customers buy gift cards/certificates for your services & products directly on your website.

1K active installs · v4.6.4 · PHP 5.6+ · WP 4.0+ · Updated Feb 5, 2026
Tags: generate-gift-cards, gift-cards, gift-certificates, gift-voucher, premium-vouchers
Score: 91 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Feb 19, 2025
Safety Verdict

Is Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Safe to Use in 2026?

Generally Safe

Score 91/100

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Feb 19, 2025 · Updated 1mo ago
Risk Assessment

The "gift-voucher" plugin v4.6.4 exhibits a mixed security posture. While it demonstrates some good practices, such as a high percentage of prepared statements for SQL queries and proper output escaping, significant concerns remain. The presence of 15 unprotected AJAX handlers out of a total of 29 entry points is a major red flag, indicating a large attack surface that could be exploited without proper authorization. Furthermore, the taint analysis revealed 6 high-severity flows with unsanitized paths, suggesting potential vulnerabilities that could be triggered by malicious input.

The plugin's vulnerability history is particularly troubling, with 6 known CVEs, including 2 critical ones. The common vulnerability types like Missing Authorization, Cross-site Scripting (XSS), CSRF, and SQL Injection, coupled with the recent critical vulnerabilities, point to a pattern of insecure coding practices. Although there are currently no unpatched CVEs, the historical prevalence of critical and medium vulnerabilities suggests that the plugin may have underlying architectural weaknesses or that its development team struggles with consistently implementing secure coding standards.

In conclusion, while the plugin shows some strengths, such as prepared SQL statements and output escaping, the high number of unprotected entry points, critical taint flows, and a history of significant vulnerabilities necessitate a cautious approach. The potential for authorization bypasses, XSS, CSRF, and SQL injection, especially through the unprotected AJAX handlers and unsanitized taint flows, presents a substantial risk. Users should be aware of these risks and consider alternatives or ensure robust security measures are in place.

Key Concerns

  • 15 unprotected AJAX handlers
  • 6 high severity taint flows
  • 2 critical known CVEs
  • 4 medium known CVEs
  • History of SQL Injection
  • History of XSS
  • History of Missing Authorization
  • History of CSRF
  • Bundled Stripe PHP library
Vulnerabilities (6)

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2023: 2 CVEs
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 2
  • Medium: 4

6 total CVEs

CVE-2024-13520 · medium · 5.3 · Missing Authorization

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates

Feb 19, 2025 · Patched in 4.5.0 (12d)

CVE-2024-9165 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 30, 2024 · Patched in 4.4.5 (9d)

CVE-2024-32436 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Gift Vouchers <= 4.4.0 - Cross-Site Request Forgery

Apr 12, 2024 · Patched in 4.4.1 (6d)

WF-0007d830-2e68-4c2f-8fac-f4363bc2d73d-gift-voucher · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Gift Cards (Gift Vouchers and Packages) <= 4.3.5 - Cross-Site Request Forgery in new_voucher_template.php

Jul 7, 2023 · Patched in 4.3.6 (200d)

CVE-2023-28662 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Gift Cards (Gift Vouchers and Packages) <= 4.3.2 - Unauthenticated SQL Injection

Mar 29, 2023 · Patched in 4.3.3 (300d)

CVE-2018-16159 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) < 4.1.8 - SQL Injection

Aug 26, 2018 · Patched in 4.1.8 (1976d)

Code Analysis
Analyzed Mar 16, 2026

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 50 (107 prepared)
  • Unescaped Output: 192 (1114 escaped)
  • Nonce Checks: 19
  • Capability Checks: 13
  • File Operations: 55
  • External Requests: 1
  • Bundled Libraries: 1

Bundled Libraries

Stripe PHP

SQL Query Safety

68% prepared · 157 total queries

Output Escaping

85% escaped · 1306 total outputs

Data Flows (14 unsanitized)

Data Flow Analysis

24 flows · 14 with unsanitized paths
getSelectTemplateVoucher (giftcard.php:280)

Attack Surface (15 unprotected)

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Attack Surface

Entry Points: 36
Unprotected: 15

AJAX Handlers 29

auth · wp_ajax_ajax_add_wpgv_voucher_amount · admin\wpgv-gift-voucher-admin.php:16
auth · wp_ajax_ajax_remove_wpgv_voucher_amount · admin\wpgv-gift-voucher-admin.php:18
nopriv · wp_ajax_wpgv_doajax_front_template · front.php:614
auth · wp_ajax_wpgv_doajax_front_template · front.php:615
auth · wp_ajax_wpgv_redeem_voucher · gift-voucher.php:955
auth · wp_ajax_voucher_slider_template · giftcard.php:277
nopriv · wp_ajax_voucher_slider_template · giftcard.php:278
auth · wp_ajax_ajax_select_voucher_template · giftcard.php:365
nopriv · wp_ajax_ajax_select_voucher_template · giftcard.php:366
nopriv · wp_ajax_wpgv_doajax_get_itemcat_image · giftitems.php:710
auth · wp_ajax_wpgv_doajax_get_itemcat_image · giftitems.php:711
nopriv · wp_ajax_wpgv_doajax_get_item_data · giftitems.php:712
auth · wp_ajax_wpgv_doajax_get_item_data · giftitems.php:713
auth · wp_ajax_update_voucher_date · include\edit-order-voucher.php:7
nopriv · wp_ajax_update_voucher_date · include\edit-order-voucher.php:8
auth · wp_ajax_update_voucher_note · include\edit-order-voucher.php:49
nopriv · wp_ajax_update_voucher_note · include\edit-order-voucher.php:50
auth · wp_ajax_update_voucher_price · include\edit-order-voucher.php:91
nopriv · wp_ajax_update_voucher_price · include\edit-order-voucher.php:92
nopriv · wp_ajax_wpgv-gift-voucher-redeem · include\redeem-voucher.php:39
auth · wp_ajax_wpgv-gift-voucher-redeem · include\redeem-voucher.php:40
nopriv · wp_ajax_wpgv-gift-voucher-remove · include\redeem-voucher.php:42
auth · wp_ajax_wpgv-gift-voucher-remove · include\redeem-voucher.php:43
nopriv · wp_ajax_wpgv_save_gift_card · include\wpgv_giftcard_pdf.php:335
auth · wp_ajax_wpgv_save_gift_card · include\wpgv_giftcard_pdf.php:336
nopriv · wp_ajax_wpgv_doajax_item_pdf_save_func · include\wpgv_item_pdf.php:333
auth · wp_ajax_wpgv_doajax_item_pdf_save_func · include\wpgv_item_pdf.php:334
nopriv · wp_ajax_wpgv_doajax_voucher_pdf_save_func · include\wpgv_voucher_pdf.php:324
auth · wp_ajax_wpgv_doajax_voucher_pdf_save_func · include\wpgv_voucher_pdf.php:325

Shortcodes 7

[wpgv_giftvoucher] front.php:613
[wpgv_giftcard] giftcard.php:170
[wpgv_giftitems] giftitems.php:709
[wpgv_giftvouchersuccesspage] include\voucher-shortcodes.php:183
[wpgv_giftvouchercancelpage] include\voucher-shortcodes.php:199
[wpgv_stripesuccesspage] include\voucher-shortcodes.php:351
[wpgv-check-voucher-balance] include\voucher-shortcodes.php:440
WordPress Hooks 110

filter · set-screen-option · admin.php:18
action · admin_menu · admin.php:19
action · admin_enqueue_scripts · admin.php:20
action · admin_post_save_voucher_settings_option · admin.php:191
action · admin_notices · classes\class-nag.php:79
filter · woocommerce_data_stores · classes\data-stores\wc-order-item-wpgv-gift-voucher-data-store.php:12
filter · page_attributes_dropdown_pages_args · classes\page_template.php:45
filter · theme_page_templates · classes\page_template.php:52
filter · wp_insert_post_data · classes\page_template.php:59
filter · template_include · classes\page_template.php:66
action · plugins_loaded · classes\page_template.php:157
filter · woocommerce_get_items_key · classes\wc-order-item-wpgv-gift-voucher.php:12
filter · woocommerce_order_type_to_group · classes\wc-order-item-wpgv-gift-voucher.php:19
filter · woocommerce_get_order_item_classname · classes\wc-order-item-wpgv-gift-voucher.php:28
filter · woocommerce_get_price_html · classes\wpgv-gift-voucher-cart-process.php:12
filter · woocommerce_dropdown_variation_attribute_options_args · classes\wpgv-gift-voucher-cart-process.php:13
filter · woocommerce_add_to_cart_handler · classes\wpgv-gift-voucher-cart-process.php:14
filter · woocommerce_add_cart_item · classes\wpgv-gift-voucher-cart-process.php:15
filter · woocommerce_add_cart_item_data · classes\wpgv-gift-voucher-cart-process.php:16
filter · woocommerce_get_cart_item_from_session · classes\wpgv-gift-voucher-cart-process.php:17
filter · woocommerce_get_item_data · classes\wpgv-gift-voucher-cart-process.php:18
filter · woocommerce_order_item_display_meta_key · classes\wpgv-gift-voucher-cart-process.php:19
filter · woocommerce_order_item_get_formatted_meta_data · classes\wpgv-gift-voucher-cart-process.php:20
action · woocommerce_order_again_cart_item_data · classes\wpgv-gift-voucher-cart-process.php:21
filter · woocommerce_product_get_price · classes\wpgv-gift-voucher-cart-process.php:22
filter · woocommerce_checkout_create_order_line_item · classes\wpgv-gift-voucher-cart-process.php:23
filter · woocommerce_order_status_completed · classes\wpgv-gift-voucher-cart-process.php:24
filter · woocommerce_order_status_cancelled · classes\wpgv-gift-voucher-cart-process.php:25
filter · woocommerce_order_status_refunded · classes\wpgv-gift-voucher-cart-process.php:26
filter · wp_trash_post · classes\wpgv-gift-voucher-cart-process.php:27
filter · untrash_post · classes\wpgv-gift-voucher-cart-process.php:28
filter · et_option_ajax_addtocart · classes\wpgv-gift-voucher-cart-process.php:32
filter · theme_mod_disable_wc_sticky_cart · classes\wpgv-gift-voucher-cart-process.php:33
filter · theme_mod_ocean_woo_product_ajax_add_to_cart · classes\wpgv-gift-voucher-cart-process.php:34
filter · option_rigid · classes\wpgv-gift-voucher-cart-process.php:35
action · woocommerce_thankyou · classes\wpgv-gift-voucher-cart-process.php:37
filter · woocommerce_product_variation_get_regular_price · classes\wpgv-gift-voucher-cart-process.php:163
filter · wc_aelia_cs_selected_currency · classes\wpgv-gift-voucher-product.php:72
filter · woocommerce_currency_symbol · classes\wpgv-gift-voucher-product.php:98
action · woocommerce_before_single_variation · classes\wpgv-wc-product-gift-voucher.php:210
action · woocommerce_single_variation · classes\wpgv-wc-product-gift-voucher.php:211
action · woocommerce_after_single_variation · classes\wpgv-wc-product-gift-voucher.php:212
action · woocommerce_before_add_to_cart_quantity · classes\wpgv-wc-product-gift-voucher.php:215
filter · woocommerce_data_stores · classes\wpgv-wc-product-gift-voucher.php:244
filter · woocommerce_product_add_to_cart_text · classes\wpgv-wc-product-gift-voucher.php:261
filter · woocommerce_variation_option_name · classes\wpgv-wc-product-gift-voucher.php:283
action · init · gift-voucher.php:31
action · init · gift-voucher.php:88
action · init · gift-voucher.php:135
action · admin_init · gift-voucher.php:140
action · woocommerce_init · gift-voucher.php:218
action · init · gift-voucher.php:239
action · wp_enqueue_scripts · gift-voucher.php:339
action · upgrader_process_complete · gift-voucher.php:627
action · admin_notices · gift-voucher.php:644
action · admin_notices · gift-voucher.php:659
action · init · gift-voucher.php:667
filter · page_template · gift-voucher.php:682
action · wpmu_new_blog · gift-voucher.php:930
action · wpgv_check_voucher_status · gift-voucher.php:932
action · admin_notices · gift-voucher.php:1147
action · woocommerce_coupon_error · gift-voucher.php:1187
action · init · include\redeem-voucher.php:16
filter · query_vars · include\redeem-voucher.php:17
filter · woocommerce_account_menu_items · include\redeem-voucher.php:18
action · woocommerce_account_check-voucher-balance_endpoint · include\redeem-voucher.php:19
action · woocommerce_after_cart_contents · include\redeem-voucher.php:20
action · woocommerce_cart_totals_before_order_total · include\redeem-voucher.php:21
action · woocommerce_before_checkout_form · include\redeem-voucher.php:22
action · woocommerce_review_order_before_order_total · include\redeem-voucher.php:23
action · woocommerce_after_calculate_totals · include\redeem-voucher.php:24
action · woocommerce_update_order · include\redeem-voucher.php:25
filter · woocommerce_order_status_processing · include\redeem-voucher.php:26
filter · woocommerce_order_status_pre-ordered · include\redeem-voucher.php:27
filter · woocommerce_order_status_completed · include\redeem-voucher.php:28
filter · woocommerce_order_status_cancelled · include\redeem-voucher.php:29
filter · woocommerce_order_status_refunded · include\redeem-voucher.php:30
filter · woocommerce_get_order_item_totals · include\redeem-voucher.php:31
action · woocommerce_checkout_create_order · include\redeem-voucher.php:32
filter · woocommerce_paypal_args · include\redeem-voucher.php:33
filter · woocommerce_payment_complete_order_status · include\redeem-voucher.php:34
action · woocommerce_order_status_changed · include\redeem-voucher.php:37
action · woocommerce_update_order · include\redeem-voucher.php:253
action · wpgv_voucher_category_add_form_fields · include\voucher_metabox.php:21
action · created_wpgv_voucher_category · include\voucher_metabox.php:22
action · wpgv_voucher_category_edit_form_fields · include\voucher_metabox.php:23
action · edited_wpgv_voucher_category · include\voucher_metabox.php:24
action · admin_enqueue_scripts · include\voucher_metabox.php:25
action · admin_footer · include\voucher_metabox.php:26
action · add_meta_boxes · include\voucher_metabox.php:171
action · post_edit_form_tag · include\voucher_metabox.php:177
filter · redirect_post_location · include\voucher_metabox.php:362
action · admin_notices · include\voucher_metabox.php:383
action · save_post · include\voucher_metabox.php:385
action · add_meta_boxes · include\voucher_metabox.php:422
action · admin_footer · include\voucher_metabox.php:423
action · save_post · include\voucher_metabox.php:424
action · init · include\voucher_posttype.php:61
action · init · include\voucher_posttype.php:101
action · init · include\voucher_posttype.php:156
action · init · include\voucher_posttype.php:196
action · wc_wpgv_voucher_pdf_save_func · include\wc_wpgv_voucher_pdf.php:203
action · wp · include\wpgc-product-detail-custom.php:5
action · woocommerce_before_single_product_summary · include\wpgc-product-detail-custom.php:22
filter · product_type_selector · include\wpgv-product-settings.php:15
action · init · include\wpgv-product-settings.php:27
filter · woocommerce_product_class · include\wpgv-product-settings.php:44
filter · woocommerce_product_data_tabs · include\wpgv-product-settings.php:58
action · woocommerce_product_data_panels · include\wpgv-product-settings.php:74
action · admin_head · include\wpgv-product-settings.php:149

Scheduled Events 3

send_gift_voucher_email_event
wpgv_check_voucher_status
send_gift_voucher_email_event
Maintenance & Trust

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 5, 2026
  • PHP min version: 5.6
  • Downloads: 130K

Community Trust

  • Rating: 94/100
  • Number of ratings: 112
  • Active installs: 1K

Developer Profile

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Developer Profile

Codemenschen

3 plugins · 1K total installs

  • Trust score: 70
  • Avg Security Score: 87/100
  • Avg Patch Time: 417 days

Detection Fingerprints

How We Detect Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/gift-voucher/css/wpgv-frontend.css
  • /wp-content/plugins/gift-voucher/css/wpgv-frontend-gift-form.css
  • /wp-content/plugins/gift-voucher/css/wpgv-frontend-voucher-style.css
  • /wp-content/plugins/gift-voucher/js/wpgv-frontend.js
  • /wp-content/plugins/gift-voucher/js/wpgv-frontend-gift-form.js
  • /wp-content/plugins/gift-voucher/js/wpgv-frontend-voucher-style.js

Script Paths

  • /wp-content/plugins/gift-voucher/js/wpgv-frontend.js
  • /wp-content/plugins/gift-voucher/js/wpgv-frontend-gift-form.js
  • /wp-content/plugins/gift-voucher/js/wpgv-frontend-voucher-style.js

Version Parameters

  • gift-voucher/css/wpgv-frontend.css?ver=
  • gift-voucher/css/wpgv-frontend-gift-form.css?ver=
  • gift-voucher/css/wpgv-frontend-voucher-style.css?ver=
  • gift-voucher/js/wpgv-frontend.js?ver=
  • gift-voucher/js/wpgv-frontend-gift-form.js?ver=
  • gift-voucher/js/wpgv-frontend-voucher-style.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpgv-voucher-form
  • wpgv-voucher-item
  • wpgv-gift-voucher-section
  • wpgv-gift-voucher-wrapper
  • wpgv-voucher-input-group
  • wpgv-voucher-button
  • wpgv-voucher-code
  • wpgv-voucher-amount
  • +6 more

HTML Comments

  • <!-- Frontend Voucher Form -->
  • <!-- Gift Voucher Style Section -->

Data Attributes

  • data-wpgv-amount
  • data-wpgv-code
  • data-wpgv-currency-symbol

JS Globals

  • WPGVFrontend
  • wpgv_frontend_params

REST Endpoints

  • /wp-json/gift-voucher/v1/save-voucher-data
  • /wp-json/gift-voucher/v1/get-voucher-data

Shortcode Output

  • [gift-voucher-form]
  • [gift-voucher-display]

FAQ

Frequently Asked Questions about Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)