Seedprod Rafflepress

By the Year

In 2026 there have been 0 vulnerabilities in Seedprod Rafflepress. Last year, in 2025, Rafflepress had 1 security vulnerability published. Right now, Rafflepress is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year | Vulnerabilities | Average Score
2026 | 0 | 0.00
2025 | 1 | 0.00
2024 | 2 | 5.55
2023 | 1 | 6.40

It may take a day or so for new Rafflepress vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Seedprod Rafflepress Security Vulnerabilities

RafflePress WP Plugin <1.12.17: Stored XSS via unsanitised settings
CVE-2024-10107 - May 15, 2025

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

XSS

WordPress RafflePress <1.12.16 Stored XSS via unsanitised Giveaway settings
CVE-2024-6887 4.8 - Medium - September 12, 2024

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

XSS

Missing Auth in RafflePress Giveaways v1.12.4
CVE-2024-4745 6.3 - Medium - June 10, 2024

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.

AuthZ

WP RafflePress <=1.12.x XSS via giframe attr (shortcode)
CVE-2023-5049 6.4 - Medium - October 30, 2023

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcodes in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on the user-supplied 'giframe' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS
