10 matches found
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541
CVE-2025-14541 refers to the WordPress plugin “Lucky Wheel Giveaway” (versions up to and including 1.0.22) with a Remote Code Execution vulnerability. The root cause is PHP eval() being applied to user-controlled input via the conditional_tags parameter, allowing an authenticated attacker with Ad...
CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability
Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
EUVD-2025-205769
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
PbootCMS PHP Code Injection Vulnerability
PbootCMS is an open source enterprise building content management system CMS developed using the PHP language. A security vulnerability exists in PbootCMS version 0.9.8. The vulnerability can be exploited to inject HPH code with the help of IF tags on the index.php/About/6.html or...