WordPress SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin SweepWidget Contests, Giveaways, Photo Contests, Competitions versions = 2.0.6...

PT-2025-1893 · WordPress · Scratch & Win – Giveaways/Contests

Name of the Vulnerable Software and Affected Versions: The Scratch & Win – Giveaways and Contests plugin for WordPress versions up to, and including, 2.7.1 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the reset installation function. This allo...

CVE-2024-12513 Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RFCONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Contests by Rewards Fuel plugin <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Contests by Rewards Fuel versions = 2.0.65...

CVE-2024-11898

CVE-2024-11898 refers to the WordPress plugin “Scratch & Win – Giveaways and Contests” with a stored XSS vulnerability in the swin-campaign shortcode present in versions up to 2.6.9. The issue arises from insufficient input sanitization and output escaping for user-supplied attributes, allowing a...

WordPress plugin Scratch & Win – Giveaways and Contests 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

WordPress Scratch & Win – Giveaways and Contests plugin <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Scratch & Win – Giveaways and Contests versions = 2.6.9...

WordPress Giveaways and Contests by RafflePress plugin < 1.12.16 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Giveaways and Contests by RafflePress versions 1.12.16...

CVE-2024-6887 Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallow...

CVE-2024-6887 Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallow...

WordPress plugin Giveaways and Contests by RafflePress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-37928 · WordPress · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress WordPress plugin versions prior to 1.12.16 Description: The issue concerns the Giveaways and Contests by RafflePress WordPress plugin, which does not properly sanitise and escape some of its Giveaways...

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems...

CVE-2024-3963

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

CVE-2024-3963

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

CVE-2024-3963 RafflePress Lite < 1.12.14 - Editor+ Stored XSS

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

WordPress plugin Giveaways and Contests by RafflePress Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2024-4745

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4...

CVE-2024-4745

CVE-2024-4745 affects the WordPress plugin Giveaways and Contests by RafflePress (versions up to 1.12.4). It is a Missing Authorization vulnerability (broken access control) with limited documented impact in the provided sources. The CVSS indicates Network attack, Low confidentiality/integ/availa...

WordPress plugin Giveaways and Contests by RafflePress Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...