VYPR

Lucky Wheel Giveaway

by WordPress

CVEs (1)

  • CVE-2025-14541HigFeb 11, 2026
    risk 0.40cvss 7.2epss 0.00

    The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PHP's eval() function on user-controlled input without proper validation or…