cleantalk

Vulnerabilities and Security Researches

Security report for CVE Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more > CVE-2024-12545

CVE, Research URL

CVE-2024-12545

Home page URL

Security reports for Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Application

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Published on
Jan 04, 2025
Research Description
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.8.0.
Status
vulnerable
Previous vulnerability researches
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-11898) , Dec 06, 2024
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-12545) , Jan 05, 2025
New vulnerability
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time (CVE-2024-13841) , Feb 09, 2025
LikeBot – Decentralized like-system (CVE-2025-0522) , Feb 09, 2025
BookPress – For Book Authors (CVE-2025-25167) , Feb 09, 2025
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Listings for Appfolio (CVE-2025-22658) , Feb 07, 2025