38 matches found
CVE-2025-66064 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...
CVE-2025-66064
CVE-2025-66064 : WordPress plugin Giveaways and Contests by RafflePress (versions = 1.12.20 or as indicated by the vendor) or apply vendor-provided mitigation per the connected docs. Monitor for additional updates from Red Hat/ENISA/CVE listings as referenced.
CVE-2025-66064 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...
WordPress plugin Giveaways and Contests by RafflePress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-47739
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.20...
CVE-2025-12484
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1.12.19 due to insufficient input...
CVE-2025-12484
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1.12.19 due to insufficient input...
WordPress plugin Giveaways and Contests by RafflePress 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
EUVD-2023-12265
Malicious code in bioql PyPI...
EUVD-2023-57392
Malicious code in bioql PyPI...
EUVD-2025-15354
Malicious code in bioql PyPI...
CVE-2025-49997 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.18 - Broken Access Control + CSRF Vulnerability
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and Contests by RafflePress: from n/a through = 1.12.18...
WordPress Giveaways and Contests by RafflePress plugin <= 1.12.18 - Broken Access Control + CSRF Vulnerability
Broken Access Control + CSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Giveaways and Contests by RafflePress versions = 1.12.18...
CVE-2024-3963
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2024-6887
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallow...
CVE-2023-5049
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...
CVE-2024-10107
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-10107
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-10107
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-10107 Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...