3 matches found
CVE-2023-0176 Giveaways and Contests by RafflePress < 1.11.3 - Contributor+ Stored XSS
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0176
The CVE covers the Giveaways and Contests by RafflePress WordPress plugin (pre-1.11.3). It fails to validate/escape certain shortcode attributes before output, allowing Stored XSS on pages where the shortcode is embedded. Impact targets users with the Contributor role and above; base risk is medi...
WordPress Giveaways and Contests by RafflePress Plugin < 1.11.3 is vulnerable to Cross Site Scripting (XSS)
Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions 1.11.3 Fixed in 1.11.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0176 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e22e68106a5e...