Simple Giveaways – Grow your business, email lists and traffic with contests

Vulnerabilities 15Slug giveasapLatest version 2.49.0WordPress.org →

Minimum safe version

2.48.2

Update to 2.48.2 or later to address 14 fixable vulnerabilities

Latest available2.49.0 ✓⚠ 1 vulnerability has no fix

Medium 4.3 Unfixed

2025-05-07≤ 2.49.0

WordPress Simple Giveaways plugin <= 2.49.0 - Cross Site Request Forgery (CSRF) vulnerability

CVE EUVD Wordfence

High 8.5

2025-03-27< 2.48.2

CVE-2025-30819

CVE Patchstack Wordfence EUVD

Medium 6.3

2024-10-16< 2.42.1

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

N/A

2023-07-18< 2.46.1

WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

Medium 5.3

2024-12-09< 2.46.1

CVE-2023-23893

CVE Patchstack Wordfence

Medium 5.4

2023-11-09< 2.46.1

CVE-2023-31086

CVE Wordfence Patchstack WPScan

Medium 4.8

2023-04-11< 2.45.1

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

Medium 4.8

2023-04-10< 2.45.1

CVE-2023-1121

CVE Wordfence WPScan

Medium 4.8

2023-04-11< 2.45.1

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

N/A

2019-02-25< 2.18.0

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Wordfence

N/A

2022-03-04< 2.42.1

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

< 2.18.0

Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update

WPScan

N/A

2022-02-28< 2.42.1

WordPress Simple Giveaways plugin <= 2.42.0 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 2.42.1

WordPress Simple Giveaways plugin <= 2.42.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

Medium 6.1

2021-05-24< 2.36.2

CVE-2021-24298

CVE Patchstack Wordfence WPScan