5 matches found
CVE-2021-24298
CVE-2021-24298 affects WordPress Simple Giveaways plugin versions before 2.36.2. The vulnerability is a reflected XSS in the Giveaway pages caused by unsanitized, unvalidated, and unescaped method and share GET parameters that are echoed back in the page output. Exploitation would allow an attack...
CVE-2023-1121
CVE-2023-1121 refers to the WordPress plugin Simple Giveaways before version 2.45.1 . The root cause is that the plugin “does not sanitise and escape some of its settings,” enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., m...
CVE-2023-1122
CVE-2023-1122 affects the WordPress plugin Simple Giveaways (before 2.45.1). The issue stems from insufficient sanitization/escaping of Giveaways options, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (multisite). Impact descri...
CVE-2023-1120
CVE-2023-1120 affects the Simple Giveaways WordPress plugin (pre-2.45.1). The vulnerability arises from insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., Administrators) and potentially affecting multisite installations where unfiltered_htm...
CVE-2023-31086
CVE-2023-31086 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin Simple Giveaways (Igor Benic) versions