cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12545,https://securityvulnerability.io/vulnerability/CVE-2024-12545,Cross-Site Request Forgery Vulnerability in Scratch & Win Plugin for WordPress,"The Scratch & Win – Giveaways and Contests Plugin for WordPress contains a Cross-Site Request Forgery vulnerability found in all versions up to and including 2.7.1. The flaw stems from the exclusion of nonce validation in the reset_installation() function, allowing unauthenticated attackers to potentially reset the plugin's installation. This could occur if an attacker successfully deceives an administrator into executing an action, like clicking on a malicious link, thereby exploiting the vulnerability.",Wordpress,"Scratch & Win – Giveaways And Contests. Boost Subscribers, Traffic, Repeat Visits,  Referrals, Sales And More",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-04T07:24:23.961Z,0
CVE-2024-11898,https://securityvulnerability.io/vulnerability/CVE-2024-11898,Stored Cross-Site Scripting Vulnerability Affects Scratch & Win Plugin,"The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits,  referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Scratch & Win – Giveaways And Contests. Boost Subscribers, Traffic, Repeat Visits,  Referrals, Sales And More",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-03T07:34:58.010Z,0