Threat Entry Updated 2024-12-09

CVE-2023-23887 - simple_giveaways Plugin

Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0.

PLUGIN simple_giveaways

CVE-2023-23887

MEDIUM CVSS 5.3 2024-12-09

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-11

CVE-2023-1122 - Simple Giveaways Plugin

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Simple Giveaways

CVE-2023-1122

MEDIUM CVSS 4.8 2023-04-10

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-11

CVE-2023-1121 - Simple Giveaways Plugin

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Simple Giveaways

CVE-2023-1121

MEDIUM CVSS 4.8 2023-04-10

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-11

CVE-2023-1120 - Simple Giveaways Plugin

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Simple Giveaways

CVE-2023-1120

MEDIUM CVSS 4.8 2023-04-10

Risk Score

Open Full Technical Breakdown