2 matches found
CVE-2024-11898
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...
PT-2024-17331 · WordPress · Scratch & Win – Giveaways/Contests
Name of the Vulnerable Software and Affected Versions: Scratch & Win – Giveaways and Contests plugin for WordPress versions up to and including 2.6.9 Description: The issue concerns a stored cross-site scripting vulnerability due to insufficient input sanitization and output escaping on...