CVE-2021-24298

MEDIUM NUCLEI

simple_giveaways < 2.36.2 - Reflected Cross-Site Scripting via Method and Share GET Parameters

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-24298 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Nuclei Templates (1)

WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting
MEDIUMby daffainfo

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91
Exploit, Third Party Advisory x_refsource_misc
https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/

Scores

CVSS v3 6.1
EPSS 0.0345
EPSS Percentile 87.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
ibenic/simple_giveaways < 2.36.2
Published May 24, 2021
Tracked Since Feb 18, 2026