CVE-2025-66064

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...

CVE-2025-66064 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...

CVE-2025-66064 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...

PT-2025-47739

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...

CVE-2025-12484

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1.12.19 due to insufficient input...

PT-2025-1893 · WordPress · Scratch & Win – Giveaways/Contests

Name of the Vulnerable Software and Affected Versions: The Scratch & Win – Giveaways and Contests plugin for WordPress versions up to, and including, 2.7.1 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the reset installation function. This allo...

WordPress Giveaways and Contests by RafflePress plugin < 1.12.16 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Giveaways and Contests by RafflePress versions 1.12.16...

CVE-2024-3963

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Giveaways and Contests by RafflePress versions = 1.12.4...

WordPress Plugin Giveaways and Contests by RafflePress Cross-Site Scripting Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. Cross-site scripting vulnerability exists i...