CVE-2023-31086
Published 2023-11-09
CVE-2023-31086: Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0…
Priority: P3 (35) | Severity: high, CVSS 3.1 base score 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.31% (22.2nd percentile)
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.
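The page records only the class of bug (CWE-352, no nonce or origin check on a state-changing request), not which plugin action lacked it. The following is an added illustration of that class in a generic WordPress admin-post handler; it is not code from the Simple Giveaways plugin. The hook name `sg_demo_save`, the option `sg_demo_setting`, the settings page slug and the `manage_options` capability are assumptions chosen for the example.

```php
<?php
// Added illustrative example, not code from the Simple Giveaways plugin.
// Action name, option name, page slug and capability are assumptions.

// --- Vulnerable pattern (CWE-352): the handler accepts any authenticated POST.
// If a logged-in administrator visits an attacker-controlled page that auto-submits
// a form to admin-post.php?action=sg_demo_save, the browser attaches the victim's
// cookies and the setting is changed without the administrator's intent.
function sg_demo_save_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not logged in' );
    }
    // No nonce and no capability check: nothing ties this request to a form the
    // site itself rendered for this user.
    $value = sanitize_text_field( wp_unslash( $_POST['sg_demo_setting'] ?? '' ) );
    update_option( 'sg_demo_setting', $value );
    wp_safe_redirect( admin_url( 'admin.php?page=sg-demo' ) );
    exit;
}

// --- Hardened pattern: capability check plus a nonce bound to this action.
function sg_demo_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() reads the '_wpnonce' field, verifies it against the
    // 'sg_demo_save' action for the current user, and dies with a 403 if it is
    // missing, expired or forged. A cross-origin page cannot obtain this value.
    check_admin_referer( 'sg_demo_save' );

    $value = sanitize_text_field( wp_unslash( $_POST['sg_demo_setting'] ?? '' ) );
    update_option( 'sg_demo_setting', $value );
    wp_safe_redirect( admin_url( 'admin.php?page=sg-demo' ) );
    exit;
}
add_action( 'admin_post_sg_demo_save', 'sg_demo_save_hardened' );

// The settings form must emit the matching nonce so legitimate submissions pass.
function sg_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="sg_demo_save">
        <?php wp_nonce_field( 'sg_demo_save' ); ?>
        <input type="text" name="sg_demo_setting"
               value="<?php echo esc_attr( get_option( 'sg_demo_setting', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The same rule applies to AJAX endpoints registered with `wp_ajax_*`: verify with `check_ajax_referer( 'sg_demo_save', 'nonce' )` and a capability check before touching state. When auditing a plugin for this CVE class, grep every `admin_post_*`, `wp_ajax_*`, `admin_init` and REST `permission_callback` handler for a nonce or referer check that precedes the first write.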
Affected
2 ranges (the second row is a mis-aggregated entry; see the note below the table)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibenic | simple_giveaways | < 2.46.1 | 2.46.1 |
| mantisbt | mantisbt | >= 0 < 2.25.6 | 2.25.6 |
Note: the mantisbt row does not describe CVE-2023-31086. It comes from the MantisBT advisory for CVE-2023-22476 (fixed in 2.25.6), whose upstream bug tracker issue is numbered 31086 (https://mantisbt.org/bugs/view.php?id=31086); that issue number apparently collided with this CVE id during aggregation. The only product affected by CVE-2023-31086 is the Simple Giveaways WordPress plugin, fixed in 2.46.1.
GHSA
GHSA-4vhp-q3px-rx42 (ghsa_unreviewed, 2023-11-10): CVE-2023-31086 [HIGH] CWE-352
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.
GHSA (different CVE, cross-linked only because its upstream MantisBT issue id is 31086)
MantisBT may expose private issues' summaries to unauthorized users
ghsa, 2023-02-23: CVE-2023-22476 [MEDIUM] CWE-200
### Impact
Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*.
### Patches
The vulnerability has been fixed in MantisBT version 2.25.6.
### Workarounds
None
### Credits
Thanks to [d3vpoo1](https://github.com/jrckmcsb) for reporting the issue.
### References
- https://mantisbt.org/bugs/view.php?id=31086
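The Impact section above describes a coarse gate (may the user run group actions at all?) applied once to a batch of ids, instead of a view check on each issue named in `bug_arr[]`. The following PHP is an added illustration of that difference for CVE-2023-22476; it is not MantisBT's code and does not reproduce `bug_actiongroup_ext.php`. The core API names `bug_exists()`, `access_has_bug_level()`, `bug_get_field()` and `config_get()` are recalled from MantisBT's core library and their exact signatures are assumptions; `user_can_run_group_actions()` is a hypothetical stand-in for the group-action permission gate.

```php
<?php
// Added illustrative example for CVE-2023-22476, not MantisBT's actual code.
// bug_exists(), access_has_bug_level(), bug_get_field() and config_get() are
// MantisBT core API names recalled from memory (signatures assumed);
// user_can_run_group_actions() is hypothetical.

// Reads the ids the client submitted as bug_arr[] and normalises them to ints.
// An attacker controls this list completely, including ids of private issues.
function read_bug_arr() {
    $t_raw = isset( $_POST['bug_arr'] ) ? (array) $_POST['bug_arr'] : array();
    return array_values( array_unique( array_map( 'intval', $t_raw ) ) );
}

// --- Insufficient check (CWE-200): one permission gate for the whole request.
// Every id is then resolved, so the Summary of a private issue, or of an issue in
// a private project, is returned to any user who may run group actions.
function group_action_summaries_vulnerable( array $p_bug_ids ) {
    if ( ! user_can_run_group_actions() ) {
        return array();
    }
    $t_rows = array();
    foreach ( $p_bug_ids as $t_bug_id ) {
        $t_rows[ $t_bug_id ] = bug_get_field( $t_bug_id, 'summary' );
    }
    return $t_rows;
}

// --- Hardened: keep the coarse gate, then authorise each issue individually
// before reading any of its fields.
function group_action_summaries_hardened( array $p_bug_ids ) {
    if ( ! user_can_run_group_actions() ) {
        return array();
    }
    $t_view_threshold = config_get( 'view_bug_threshold' );
    $t_rows = array();
    foreach ( $p_bug_ids as $t_bug_id ) {
        if ( $t_bug_id <= 0 || ! bug_exists( $t_bug_id ) ) {
            continue;
        }
        // Per-issue check: honours the issue's own view status (private/public)
        // and the visibility of its project for the current user.
        if ( ! access_has_bug_level( $t_view_threshold, $t_bug_id ) ) {
            continue; // skip silently; do not confirm that the id exists
        }
        $t_rows[ $t_bug_id ] = bug_get_field( $t_bug_id, 'summary' );
    }
    return $t_rows;
}

// Usage inside a batch endpoint:
$t_summaries = group_action_summaries_hardened( read_bug_arr() );
```

Skipping rather than erroring on an unauthorised id matters: a distinct "access denied" response per id would still let the caller enumerate which private issue ids exist, which is a smaller but related information leak.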
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Reference: https://patchstack.com/database/vulnerability/giveasap/wordpress-simple-giveaways-plugin-2-45-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve