← Back

Competition Form

competition_form

Vendor: Raiserweb • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-12750
1Raiserweb
1Competition Form
Jun 9, 2025
May 15, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-12749
1Raiserweb
1Competition Form
May 11, 2025
Jan 29, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege use...Show more
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less