4 matches found
CVE-2025-66064
CVE-2025-66064 : WordPress plugin Giveaways and Contests by RafflePress (versions = 1.12.20 or as indicated by the vendor) or apply vendor-provided mitigation per the connected docs. Monitor for additional updates from Red Hat/ENISA/CVE listings as referenced.
Giveaways and Contests by RafflePress < 1.11.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC rafflepress id='1' minheight="'; alert1...
WordPress plugin Giveaway SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in WordPress...
WordPress Giveaway plugin <= 1.2.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Mesut Cetin in WordPress Giveaway plugin versions <= 1.2.2. Solution: This plugin has been closed as of July 1, 2021 and is not available for download. This closure is temporary, pending a full review...