15 matches found
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541
CVE-2025-14541 refers to the WordPress plugin “Lucky Wheel Giveaway” (versions up to and including 1.0.22) with a Remote Code Execution vulnerability. The root cause is PHP eval() being applied to user-controlled input via the conditional_tags parameter, allowing an authenticated attacker with Ad...
WordPress plugin Lucky Wheel Giveaway 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability
Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
CVE-2025-14509
CVE-2025-14509 (Lucky Wheel for WooCommerce – Spin a Sale) is a PHP code injection flaw in the plugin that uses eval() to execute unsanitized input from the Conditional Tags setting. It affects all versions up to 1.1.13, enabling authenticated attackers with Administrator-level access (and, in Wo...
WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags vulnerability
Authenticated Administrator+ PHP Code Injection via Conditional Tags vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel for WooCommerce – Spin a Sale versions = 1.1.13...
WordPress plugin Lucky Wheel for WooCommerce – Spin a Sale 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...
WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin <= 1.0.10 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin versions = 1.0.10. Solution Update the WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin to the latest available version at least 1.0.11...
Lucky Wheel Slots - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Lucky Wheel Slots published at the 'play' market has multiple vulnerabilities...