CVE-2023-31086 — Cross-Site Request Forgery in Simple Giveaways

CWE-352 — Cross-Site Request Forgery CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 73.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ibenic Simple Giveaways

Timeline

PublishedNov 9

Latest updateNov 10

Description

Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDibenic/simple_giveaways< 2.46.1

🔴Vulnerability Details

GHSA

GHSA-4vhp-q3px-rx42: Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2↗2023-11-10

▶

CVEList

WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF)↗2023-11-09

▶

GHSA

MantisBT may expose private issues' summaries to unauthorized users↗2023-02-23

▶