CVE-2021-24298

MEDIUM NUCLEI

Ibenic Simple Giveaways < 2.36.2 - XSS

Title source: rule

Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Nuclei Templates (1)

WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting

MEDIUMby daffainfo

References (2)

[Exploit, Third Party Advisory] https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91

Scores

CVSS v3 6.1

EPSS 0.1394

EPSS Percentile 94.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

ibenic/simple_giveaways < 2.36.2

Published May 24, 2021

Tracked Since Feb 18, 2026