5 matches found
EUVD-2024-34220
Malicious code in bioql PyPI...
CVE-2024-12545
CVE-2024-12545: Scratch & Win – Giveaways and Contests (WordPress) is vulnerable to Cross-Site Request Forgery in all versions up to 2.7.1 due to missing nonce validation in reset_installation(); unauthenticated attackers could trigger a forged request to reset the plugin’s installation if a site...
WordPress Scratch & Win – Giveaways and Contests plugin <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function vulnerability
Cross-Site Request Forgery via resetinstallation Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Scratch & Win – Giveaways and Contests versions = 2.7.1...
CVE-2024-11898
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...
CVE-2024-11898
CVE-2024-11898 refers to the WordPress plugin “Scratch & Win – Giveaways and Contests” with a stored XSS vulnerability in the swin-campaign shortcode present in versions up to 2.6.9. The issue arises from insufficient input sanitization and output escaping for user-supplied attributes, allowing a...