The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
History
Thu, 26 Sep 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Seedprod, Seedprod rafflepress | |
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:seedprod:rafflepress:*:*:*:*:*:wordpress:*:* | |
Vendors & Products | Seedprod, Seedprod rafflepress | |
Thu, 12 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Rafflepress, Rafflepress giveaways And Contests By Rafflepress | |
CPEs | cpe:2.3:a:rafflepress:giveaways_and_contests_by_rafflepress:*:*:*:*:*:wordpress:*:* | |
Vendors & Products | Rafflepress, Rafflepress giveaways And Contests By Rafflepress | |
Metrics | cvssV3_1 | |
Thu, 12 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |
Title | Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS | |
References | | |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-12T06:00:04.189Z
Updated: 2024-09-12T18:30:05.435Z
Reserved: 2024-07-18T19:01:31.012Z
Link: CVE-2024-6887
Vulnrichment
Updated: 2024-09-12T18:29:27.959Z
NVD
Status: Analyzed
Published: 2024-09-12T06:15:24.293
Modified: 2024-09-26T20:38:26.743
Link: CVE-2024-6887
Redhat
No data.