cleantalk

Vulnerabilities and Security Researches

Security report for CVE Simple Giveaways – Grow your business, email lists and traffic with contests > CVE-2023-23893

CVE, Research URL

CVE-2023-23893

Home page URL

Security reports for Simple Giveaways – Grow your business, email lists and traffic with contests

Application

Simple Giveaways – Grow your business, email lists and traffic with contests

Published on
-
Research Description
The Simple Giveaways plugin for WordPress is vulnerable to unauthorized actions due to a missing capability check on several AJAX actions in versions up to, and including, 2.46.0. This makes it possible for unauthenticated attackers to perform unauthorized actions allowing them to see available giveaways, save plugin settings, end giveaways and select winners among other things.
Affected versions
Min -, max 2.46.0.
Status
vulnerable
Previous vulnerability researches
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2023-23893) , Jun 10, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2022-4974) , Nov 15, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2021-24298) , Jun 07, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2023-1121) , Jun 07, 2024
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2023-1122) , Jun 07, 2024
New vulnerability
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time (CVE-2024-13841) , Feb 09, 2025
LikeBot – Decentralized like-system (CVE-2025-0522) , Feb 09, 2025
BookPress – For Book Authors (CVE-2025-25167) , Feb 09, 2025
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Listings for Appfolio (CVE-2025-22658) , Feb 07, 2025