CVE-2024-1935 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1935?

A high-severity vulnerability, CVE-2024-1935, has been identified in the Giveaways and Contests by RafflePress plugin for WordPress, affecting all versions up to and including 1.12.5. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page. The issue primarily impacts WordPress websites using the affected versions of the plugin, posing a significant risk to their security.

Who is impacted?

The CVE-2024-1935 vulnerability affects users of the Giveaways and Contests by RafflePress plugin for WordPress, specifically those using versions up to and including 1.12.5. This security issue allows unauthenticated attackers to inject harmful web scripts into pages, which then execute when a user visits the affected page. It is important for users of this plugin to be aware of the potential risks associated with this vulnerability.

What to do if CVE-2024-1935 affected you?

If you're affected by the CVE-2024-1935 vulnerability, it's crucial to take action to protect your WordPress website. To mitigate the risk, follow these simple steps:

  1. Update the Giveaways and Contests by RafflePress plugin to version 1.12.7 or a newer patched version.

  2. Regularly check for updates and apply them promptly to maintain security.
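To verify step 1 across installations, the added example below (not code from Twingate or from the plugin) reads the `Version:` line from a plugin's main-file comment header and classifies it against the versions named in this report. The function names and the sample header are constructed for illustration, and because the report does not say whether 1.12.6 is fixed, that version is reported as unconfirmed rather than guessed.

```python
import re

# Thresholds taken from the report text above.
LAST_AFFECTED = (1, 12, 5)   # "up to and including 1.12.5"
FIRST_PATCHED = (1, 12, 7)   # "update ... to version 1.12.7 or a newer patched version"

# WordPress plugins declare metadata in a comment header of the main plugin file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def header_version(plugin_file_text):
    """Return the Version header value, or None if the header is missing."""
    m = _VERSION_RE.search(plugin_file_text)
    return m.group(1) if m else None


def parse_version(text):
    """Turn '1.12.5' or '1.12.5-beta' into (1, 12, 5); None if unparseable."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(version_text):
    """Classify a version string as affected, patched, unconfirmed or unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"       # no header or unreadable version: inspect by hand
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_PATCHED:
        return "patched"
    return "unconfirmed"       # between the two stated versions, e.g. 1.12.6


# Constructed sample header, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Example Giveaway Plugin (constructed sample)
 * Version: 1.12.5
 */
"""

if __name__ == "__main__":
    found = header_version(SAMPLE_HEADER)
    print(found, "->", triage(found))
```

Treat both `unconfirmed` and `unknown` results as needing the update in step 1.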

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1935 vulnerability, known as Stored Cross-Site Scripting in Giveaways and Contests by RafflePress plugin for WordPress, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was published on March 13, 2024, and the required action is to update the plugin to version 1.12.7 or a newer patched version to mitigate the risk.

Weakness Enumeration

This vulnerability is classified as Stored Cross-Site Scripting (XSS) and affects the 'parent_url' parameter in the Giveaways and Contests by RafflePress plugin for WordPress.

Learn More

CVE-2024-1935 is a high-severity vulnerability in the Giveaways and Contests by RafflePress plugin for WordPress, posing significant risks to affected websites. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
