CVE-2026-0808

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

CVE-2026-0808

CVE-2026-0808: The Spin Wheel WordPress plugin (versions up to 2.1.0) allows unauthenticated, client-side prize manipulation bySending a modified prize_index parameter; server-side validation/randomization is missing. Wordfence notes the issue and indicates patches have been applied; ensure upgra...

EUVD-2026-3143

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

WordPress plugin Spin Wheel has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-3351

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

WordPress Spin Wheel plugin <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter vulnerability

Unauthenticated Client-Side Prize Manipulation via 'prizeindex' Parameter vulnerability discovered by jsonc in WordPress Plugin Spin Wheel versions = 2.1.0...

EUVD-2018-9726

Malware in sbrugna...

Claiming prizes will be bricked if prize periods are not aligned with twab periods

Lines of code Vulnerability details Comments The previous implementation allowed a malicious user to keep updating their balances provided the previous observation fell within the same period. As such, if a draw ends part way through a period, the user would be able to manipulate their average...

CVE-2018-17987

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUMTILES equals the number of people who purchased a tile, which allows an attacker to control the...