The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/827d738e-5369-431e-8438-b5c4d8c1f8f1/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/827d738e-5369-431e-8438-b5c4d8c1f8f1/ | Exploit Third Party Advisory |
Configurations
History
09 Jun 2025, 17:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rafflepress:rafflepress:*:*:*:*:*:wordpress:*:* | |
First Time |
Rafflepress rafflepress
|
13 May 2025, 13:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/827d738e-5369-431e-8438-b5c4d8c1f8f1/ - Exploit, Third Party Advisory | |
CWE | CWE-79 | |
First Time |
Rafflepress
Rafflepress giveaways And Contests |
|
CPE | cpe:2.3:a:rafflepress:giveaways_and_contests:*:*:*:*:*:wordpress:*:* |
21 Nov 2024, 09:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/827d738e-5369-431e-8438-b5c4d8c1f8f1/ - |
01 Aug 2024, 13:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
15 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Jul 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-13 06:15
Updated : 2025-06-09 17:07
NVD link : CVE-2024-3963
Mitre link : CVE-2024-3963
CVE.ORG link : CVE-2024-3963
JSON object : View
Products Affected
rafflepress
- rafflepress
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')