cleantalk

Vulnerabilities and Security Researches

Security report for CVE Simple Giveaways – Grow your business, email lists and traffic with contests > CVE-2023-1122

CVE, Research URL

CVE-2023-1122

Home page URL

Security reports for Simple Giveaways – Grow your business, email lists and traffic with contests

Application

Simple Giveaways – Grow your business, email lists and traffic with contests

Published on
Apr 10, 2023
Research Description
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
Min -, max 2.45.1.
Status
vulnerable
Previous vulnerability researches
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2023-23893) , Jun 10, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2022-4974) , Nov 15, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2021-24298) , Jun 07, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2023-1121) , Jun 07, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2023-1122) , Jun 07, 2024
New vulnerability
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time (CVE-2024-13841) , Feb 09, 2025
LikeBot – Decentralized like-system (CVE-2025-0522) , Feb 09, 2025
BookPress – For Book Authors (CVE-2025-25167) , Feb 09, 2025
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Listings for Appfolio (CVE-2025-22658) , Feb 07, 2025