Description
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | Giveaways and Contests by RafflePress | unaffected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Mon, 09 Jun 2025 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rafflepress rafflepress
|
|
| CPEs | cpe:2.3:a:rafflepress:rafflepress:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Rafflepress giveaways And Contests
|
Rafflepress rafflepress
|
Tue, 13 May 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rafflepress
Rafflepress giveaways And Contests |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:rafflepress:giveaways_and_contests:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Rafflepress
Rafflepress giveaways And Contests |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-01T20:26:57.225Z
Reserved: 2024-04-18T19:08:32.226Z
Link: CVE-2024-3963
Vulnrichment
Updated: 2024-08-01T20:26:57.225Z
NVD
Status : Analyzed
Published: 2024-07-13T06:15:02.967
Modified: 2025-06-09T17:07:01.677
Link: CVE-2024-3963
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses