Lucene search
+L

106 matches found

OSV
OSV
added 2024/03/13 4:15 p.m.4 views

CVE-2024-1935

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...

6.1CVSS5.9AI score0.00685EPSS
Exploits0References3
Prion
Prion
added 2024/03/13 4:15 p.m.23 views

Cross site scripting

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...

6.4CVSS6.2AI score0.00685EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.11 views

CVE-2024-1935 Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...

7.2CVSS7.3AI score0.00685EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.30 views

CVE-2024-1935 Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...

7.2CVSS6.3AI score0.00685EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.6 views

PT-2024-18435 · WordPress · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress versions up to, and including, 1.12.5 Description: The issue is related to Stored Cross-Site Scripting due to...

7.2CVSS8.2AI score0.00685EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.6 views

WordPress Plugin Giveaways and Contests by RafflePress Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2CVSS5.8AI score0.00685EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/03/01 12:0 a.m.12 views

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.5 Fixed in 1.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1935 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ece07ad4b4ef...

7.2CVSS5.6AI score0.00685EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

Giveaways and Contests by RafflePress < 1.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user...

6.4CVSS5.9AI score0.00482EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/10/30 2:15 p.m.22 views

CVE-2023-5049

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

6.4CVSS5.7AI score0.00482EPSS
Exploits0References4
OSV
OSV
added 2023/10/30 2:15 p.m.6 views

CVE-2023-5049

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

5.4CVSS7AI score0.00482EPSS
Exploits0References4
Prion
Prion
added 2023/10/30 2:15 p.m.23 views

Cross site scripting

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

4.9CVSS5.2AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/10/30 1:49 p.m.35 views

CVE-2023-5049 Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

6.4CVSS5.8AI score0.00482EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/10/30 1:49 p.m.7 views

CVE-2023-5049 Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

6.4CVSS6.8AI score0.00482EPSS
Exploits0References4
CVE
CVE
added 2023/10/30 1:49 p.m.83 views

CVE-2023-5049

CVE-2023-5049 affects the Giveaways and Contests by RafflePress plugin for WordPress. The flaw is Stored XSS via the rafflepress/rafflepress_gutenberg shortcode, caused by insufficient input sanitization and output escaping on the giframe attribute. Authenticated attackers with contributor or hig...

6.4CVSS5.2AI score0.00482EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/10/30 12:0 a.m.5 views

WordPress Plugin Giveaways and Contests by RafflePress Cross-Site Scripting Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. Cross-site scripting vulnerability exists i...

6.4CVSS6AI score0.00482EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.6 views

PT-2023-31579 · WordPress · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress plugin for WordPress versions up to, and including, 1.12.0 Description: The issue is related to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress gutenberg' shortcode due to insufficient...

6.4CVSS5.6AI score0.00482EPSS
Exploits0References9
Patchstack
Patchstack
added 2023/10/29 12:0 a.m.18 views

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.0 is vulnerable to Cross Site Scripting (XSS)

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.0 Fixed in 1.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e66d163b9be8 Credits...

6.4CVSS5.7AI score0.00482EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/06 8:15 p.m.5 views

CVE-2023-0176

The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS5.8AI score0.00573EPSS
Exploits2References1
NVD
NVD
added 2023/02/06 8:15 p.m.18 views

CVE-2023-0176

The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1
Prion
Prion
added 2023/02/06 8:15 p.m.17 views

Cross site scripting

The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

4.9CVSS5.4AI score0.00573EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder