Lucene search
K
IbenicSimple Giveaways

5 matches found

CVE
CVE
added 2021/05/24 10:58 a.m.63 views

CVE-2021-24298

CVE-2021-24298 affects WordPress Simple Giveaways plugin versions before 2.36.2. The vulnerability is a reflected XSS in the Giveaway pages caused by unsanitized, unvalidated, and unescaped method and share GET parameters that are echoed back in the page output. Exploitation would allow an attack...

6.1CVSS6AI score0.03451EPSS
Web
CVE
CVE
added 2023/04/10 1:18 p.m.61 views

CVE-2023-1121

CVE-2023-1121 refers to the WordPress plugin Simple Giveaways before version 2.45.1 . The root cause is that the plugin “does not sanitise and escape some of its settings,” enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., m...

4.8CVSS4.9AI score0.00442EPSS
CVE
CVE
added 2023/04/10 1:17 p.m.59 views

CVE-2023-1122

CVE-2023-1122 affects the WordPress plugin Simple Giveaways (before 2.45.1). The issue stems from insufficient sanitization/escaping of Giveaways options, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (multisite). Impact descri...

4.8CVSS4.9AI score0.00446EPSS
CVE
CVE
added 2023/04/10 1:18 p.m.52 views

CVE-2023-1120

CVE-2023-1120 affects the Simple Giveaways WordPress plugin (pre-2.45.1). The vulnerability arises from insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., Administrators) and potentially affecting multisite installations where unfiltered_htm...

4.8CVSS4.9AI score0.00442EPSS
CVE
CVE
added 2023/11/09 10:57 p.m.33 views

CVE-2023-31086

CVE-2023-31086 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin Simple Giveaways (Igor Benic) versions

8.8CVSS8.9AI score0.00306EPSS