6 matches found
CVE-2023-1122
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)
Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1122 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 8adf4cd8d10f Credits Varun Required...
CVE-2023-1122
creationtimestamp| type| source ---|---|--- 2023-04-10 18:36:04+00:00| seen| https://t.me/cibsecurity/61762 2025-02-14 10:03:09+00:00| seen| Telegram/ff0a7uaIJ8siUZt3MNdeVpOYgZ0atFbnIUcN278zNWUUXJ...
CVE-2023-1122
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1122 Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1122
CVE-2023-1122 affects the WordPress plugin Simple Giveaways (before 2.45.1). The issue stems from insufficient sanitization/escaping of Giveaways options, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (multisite). Impact descri...