CVE-2021-24298

Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

EPSS 3.5%CWE-79

Vexday Risk Score

18Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 3.5%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

24 may 2021Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Productos afectados

Igor Benic · Simple Giveaways – Grow your business, email lists and traffic with contests

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91