27 matches found
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
CVE-2026-0808: The Spin Wheel WordPress plugin (versions up to 2.1.0) allows unauthenticated, client-side prize manipulation bySending a modified prize_index parameter; server-side validation/randomization is missing. Wordfence notes the issue and indicates patches have been applied; ensure upgra...
EUVD-2026-3143
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
WordPress plugin Spin Wheel has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-3351
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
WordPress Spin Wheel plugin <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter vulnerability
Unauthenticated Client-Side Prize Manipulation via 'prizeindex' Parameter vulnerability discovered by jsonc in WordPress Plugin Spin Wheel versions = 2.1.0...
EUVD-2024-37592
Malicious code in bioql PyPI...
EUVD-2024-37591
Malicious code in bioql PyPI...
CVE-2024-38744
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-38744
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-38743
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-38743 WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-38744 WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-38744 WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-38743
CVE-2024-38743 is a WordPress plugin vulnerability in Plum: Spin Wheel & Email Pop-up (Upqode) affecting versions through 2.0. The connected sources describe a Broken Access Control issue (unauthorized access) in Plum: Spin Wheel & Email Pop-up
CVE-2024-38744
CVE-2024-38744 (Plum: Spin Wheel & Email Pop-up) is tied to Upqode Plum plugin versions n/a through 2.0, with a Missing Authorization vulnerability that enables access to constrained functionality and stores XSS. Public sources indicate unauthenticated access to restricted features and stored XSS...