cleantalk
Vulnerabilities and Security Researches

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers, CVE-2024-10107

CVE, Research URL

CVE-2024-10107

Home page URL

Security reports for Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Application

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Published on
May 16, 2025
Research Description
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
max 1.12.17.
Status
vulnerable
Previous vulnerability researches
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2024-10107) , Apr 17, 2025
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2024-3963) , Jul 15, 2024
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2025-49997) , Jun 22, 2025
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2024-6887) , Sep 13, 2024
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2024-4745) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025