3 matches found
CVE-2024-1935
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...
CVE-2024-1935
CVE-2024-1935 concerns the WordPress plugin Giveaways and Contests by RafflePress (versions up to and including 1.12.5). The vulnerability is a Stored XSS via the parent_url parameter caused by insufficient input sanitization and output escaping. Attack scenario: unauthenticated attackers can inj...
WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)
Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.5 Fixed in 1.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1935 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ece07ad4b4ef...