Lucene search
K

4 matches found

NVD
NVD
added 2026/01/17 7:16 a.m.6 views

CVE-2026-0808

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

5.3CVSS0.00312EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/17 6:42 a.m.2 views

CVE-2026-0808

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

5.3CVSS5.3AI score0.00312EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/17 6:42 a.m.25 views

CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

5.3CVSS0.00312EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/17 6:42 a.m.6 views

EUVD-2026-3143

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00312EPSS
Exploits0References5
Rows per page
Query Builder