cleantalk
Vulnerabilities and Security Researches

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more, CVE-2024-13316

CVE, Research URL

CVE-2024-13316

Home page URL

Security reports for Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Application

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Published on
Feb 18, 2025
Research Description
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create coupons.
Affected versions
Min -, max 2.9.0.
Status
vulnerable
Previous vulnerability researches
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-11898) , Dec 06, 2024
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-13316) , Feb 21, 2025
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-12545) , Jan 05, 2025
New vulnerability
License For Envato (CVE-2025-39399) , Apr 25, 2025
occupancyplan (CVE-2025-46450) , Apr 25, 2025
Wp Custom CMS Block (CVE-2025-46457) , Apr 25, 2025
Google News (CVE-2025-46452) , Apr 25, 2025
LSD Custom taxonomy and category meta (CVE-2025-46502) , Apr 25, 2025