Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-34220

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00288EPSS
Exploits0References4
CVE
CVE
added 2025/01/04 7:24 a.m.81 views

CVE-2024-12545

CVE-2024-12545: Scratch & Win – Giveaways and Contests (WordPress) is vulnerable to Cross-Site Request Forgery in all versions up to 2.7.1 due to missing nonce validation in reset_installation(); unauthenticated attackers could trigger a forged request to reset the plugin’s installation if a site...

5.4CVSS5.2AI score0.00202EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2025/01/03 10:3 p.m.3 views

WordPress Scratch & Win – Giveaways and Contests plugin <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function vulnerability

Cross-Site Request Forgery via resetinstallation Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Scratch & Win – Giveaways and Contests versions = 2.7.1...

5.4CVSS7AI score0.00202EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/03 8:15 a.m.23 views

CVE-2024-11898

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...

6.4CVSS0.00288EPSS
Exploits0References3
CVE
CVE
added 2024/12/03 7:34 a.m.52 views

CVE-2024-11898

CVE-2024-11898 refers to the WordPress plugin “Scratch & Win – Giveaways and Contests” with a stored XSS vulnerability in the swin-campaign shortcode present in versions up to 2.6.9. The issue arises from insufficient input sanitization and output escaping for user-supplied attributes, allowing a...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder