Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Unknown
CVE-2025-23934
Disclosure Date: January 16, 2025 (last updated January 17, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS.This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24.
0
Attacker Value
Unknown
CVE-2023-23893
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Giveaways: from n/a through 2.48.0.
0
Attacker Value
Unknown
CVE-2022-4974
Disclosure Date: October 16, 2024 (last updated October 16, 2024)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
0
Attacker Value
Unknown
CVE-2023-31086
Disclosure Date: November 09, 2023 (last updated November 16, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.
0
Attacker Value
Unknown
CVE-2023-1122
Disclosure Date: April 10, 2023 (last updated October 08, 2023)
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2023-1121
Disclosure Date: April 10, 2023 (last updated October 08, 2023)
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2023-1120
Disclosure Date: April 10, 2023 (last updated October 08, 2023)
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2021-24298
Disclosure Date: May 24, 2021 (last updated February 22, 2025)
The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
0