Refine your search
2 vulnerabilities found for Simple Giveaways – Grow your business, email lists and traffic with contests by Igor Benic
CVE-2023-31086 (GCVE-0-2023-31086)
Vulnerability from cvelistv5
Published
2023-11-09 22:57
Modified
2026-04-28 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Igor Benic | Simple Giveaways – Grow your business, email lists and traffic with contests |
Version: n/a < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/giveasap/wordpress-simple-giveaways-plugin-2-45-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:47:51.355973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:48:49.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "giveasap",
"product": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests",
"vendor": "Igor Benic",
"versions": [
{
"changes": [
{
"at": "2.46.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.46.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways \u2013 Grow your business, email lists and traffic with contests plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.46.0 versions.\u003c/span\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways \u2013 Grow your business, email lists and traffic with contests plugin \u003c=\u00a02.46.0 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:20.387Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/giveasap/wordpress-simple-giveaways-plugin-2-45-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.46.1 or a higher version."
}
],
"value": "Update to\u00a02.46.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Simple Giveaways Plugin \u003c= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-31086",
"datePublished": "2023-11-09T22:57:04.171Z",
"dateReserved": "2023-04-24T05:43:49.921Z",
"dateUpdated": "2026-04-28T16:08:20.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24298 (GCVE-0-2021-24298)
Vulnerability from cvelistv5
Published
2021-05-24 10:58
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Igor Benic | Simple Giveaways – Grow your business, email lists and traffic with contests |
Version: 2.36.2 < 2.36.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests",
"vendor": "Igor Benic",
"versions": [
{
"lessThan": "2.36.2",
"status": "affected",
"version": "2.36.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shreya Pohekar of Codevigilant Project"
}
],
"descriptions": [
{
"lang": "en",
"value": "The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T10:58:04.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple Giveaways \u003c 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24298",
"STATE": "PUBLIC",
"TITLE": "Simple Giveaways \u003c 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.36.2",
"version_value": "2.36.2"
}
]
}
}
]
},
"vendor_name": "Igor Benic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Shreya Pohekar of Codevigilant Project"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91"
},
{
"name": "https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/",
"refsource": "MISC",
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24298",
"datePublished": "2021-05-24T10:58:04.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}