VYPR

Scratch & Win

by WordPress

CVEs (2)

  • CVE-2024-11898MedDec 3, 2024
    risk 0.42cvss 6.4epss 0.00

    The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to…

  • CVE-2024-13316MedFeb 18, 2025
    risk 0.34cvss 5.3epss 0.00

    The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and…