106 matches found
CVE-2024-1935
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...
Cross site scripting
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...
CVE-2024-1935 Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...
CVE-2024-1935 Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...
PT-2024-18435 · WordPress · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress versions up to, and including, 1.12.5 Description: The issue is related to Stored Cross-Site Scripting due to...
WordPress Plugin Giveaways and Contests by RafflePress Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)
Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.5 Fixed in 1.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1935 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ece07ad4b4ef...
Giveaways and Contests by RafflePress < 1.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user...
CVE-2023-5049
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...
CVE-2023-5049
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...
Cross site scripting
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...
CVE-2023-5049 Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...
CVE-2023-5049 Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...
CVE-2023-5049
CVE-2023-5049 affects the Giveaways and Contests by RafflePress plugin for WordPress. The flaw is Stored XSS via the rafflepress/rafflepress_gutenberg shortcode, caused by insufficient input sanitization and output escaping on the giframe attribute. Authenticated attackers with contributor or hig...
WordPress Plugin Giveaways and Contests by RafflePress Cross-Site Scripting Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. Cross-site scripting vulnerability exists i...
PT-2023-31579 · WordPress · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress plugin for WordPress versions up to, and including, 1.12.0 Description: The issue is related to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress gutenberg' shortcode due to insufficient...
WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.0 is vulnerable to Cross Site Scripting (XSS)
Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.0 Fixed in 1.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e66d163b9be8 Credits...
CVE-2023-0176
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0176
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
Cross site scripting
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...