CVE: CVE-2024-1935

Descrizione: The Giveaways and Contests by RafflePress – a plugin for WordPress that increases website traffic, email subscribers, and social followers, is vulnerable to Stored Cross-Site Scripting via the ‘parent_url’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.

Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Riferimenti esterni

• https://www.wordfence.com/threat-intel/vulnerabilities/id/29b471ac-3a08-42da-9907-670c3b3bae92?source=cve
• https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.5/resources/views/rafflepress-giveaway.php
• https://plugins.trac.wordpress.org/changeset?old_path=/rafflepress/tags/1.12.5&old=3043286&new_path=/rafflepress/tags/1.12.7&new=3043286&sfp_email=&sfph_mail=

Prodotti interessati

• smub – Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Relazioni con altri prodotti

Produttore:smub
Prodotto: Giveaways and Contests by RafflePress – Get More Website Traffic
Anno: 2024
CWE:
CVSS: 0.0

Produttore:smub
Prodotto: Email Subscribers
Anno: 2024
CWE:
CVSS: 0.0

Produttore:smub
Prodotto: Social Followers
Anno: 2024
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2024)