CVE-2024-32827

Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through 1.12.7...

CVE-2024-32827 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through 1.12.7...

CVE-2024-32827

CVE-2024-32827 describes an Authentication Bypass by Spoofing in the WordPress plugin Giveaways and Contests by RafflePress (affected: Giveaways and Contests

WordPress plugin Giveaways and Contests 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-24902 · Unknown · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: RafflePress Giveaways and Contests versions 1.12.7 and earlier Description: The issue is an Authentication Bypass by Spoofing vulnerability that allows Functionality Bypass. Recommendations: For versions 1.12.7 and earlier, update to a versio...

Giveaways and Contests by RafflePress < 1.12.5 - Missing Authorization

Description The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the resources/views/rafflepress-giveaway.php file in versions up to, and including, 1.12.4. This makes it possible for authenticated...

WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Giveaways and Contests by RafflePress versions = 1.12.4...

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.4 is vulnerable to Broken Access Control

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.4 Fixed in 1.12.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4745 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 632d49d4c2a4 Credits...

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.7 is vulnerable to Bypass Vulnerability

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.7 Fixed in 1.12.11 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-32827 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1c85afd440e3 Credits...

CVE-2024-1787

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'updaterewardsfuelapikey' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-1787 Contests by Rewards Fuel <= 2.0.64 - Authenticated (Contributor+) Stored Cross-Site Scripting via update_rewards_fuel_api_key

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'updaterewardsfuelapikey' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-1787

CVE-2024-1787 affects the WordPress plugin “Contests by Rewards Fuel.” The vulnerability is a Stored XSS via the update_rewards_fuel_api_key parameter in all versions up to and including 2.0.64. Exploitation requires contributor-level access or higher (authenticated). The underlying issue is insu...

CVE-2024-1785 Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2024-1785

CVE-2024-1785 affects the Contests by Rewards Fuel plugin for WordPress. All versions up to 2.0.62 are vulnerable to CSRF due to missing/incorrect nonce validation in ajax_handler(), allowing unauthenticated attackers to update plugin settings and inject malicious JavaScript via forged requests i...

WordPress Contests by Rewards Fuel Plugin <= 2.0.64 is vulnerable to Cross Site Scripting (XSS)

Software Contests by Rewards Fuel Type Plugin Vulnerable versions = 2.0.64 Fixed in 2.0.65 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1787 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b373db375895 Credits Sean Bales...

WordPress Contests by Rewards Fuel Plugin <= 2.0.62 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contests by Rewards Fuel Type Plugin Vulnerable versions = 2.0.62 Fixed in 2.0.63 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1785 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID b25e33b93d9b Credits Sean Bale...

WordPress Plugin Contests Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin Contests Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-18304 · WordPress · Contests By Rewards Fuel

Name of the Vulnerable Software and Affected Versions: Contests by Rewards Fuel plugin for WordPress versions up to, and including, 2.0.62 Description: The issue is due to missing or incorrect nonce validation on the ajax handler function, making it possible for unauthenticated attackers to updat...

WordPress Plugin Giveaways and Contests by RafflePress Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...