2 matches found
CVE-2024-12545
CVE-2024-12545: Scratch & Win – Giveaways and Contests (WordPress) is vulnerable to Cross-Site Request Forgery in all versions up to 2.7.1 due to missing nonce validation in reset_installation(); unauthenticated attackers could trigger a forged request to reset the plugin’s installation if a site...
CVE-2024-11898
CVE-2024-11898 refers to the WordPress plugin “Scratch & Win – Giveaways and Contests” with a stored XSS vulnerability in the swin-campaign shortcode present in versions up to 2.6.9. The issue arises from insufficient input sanitization and output escaping for user-supplied attributes, allowing a...