Stored Cross-Site Scripting Vulnerability in RafflePress Plugin for WordPress
CVE-2025-12484

7.2HIGH

Key Information:

Vendor: WordPress
Status: Giveaways And Contests By Rafflepress – Get More Website Traffic, Email Subscribers, And Social Followers
Vendor: CVE Published:; 19 November 2025

What is CVE-2025-12484?

The Giveaways and Contests by RafflePress plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability. This issue arises from inadequate input sanitization and output escaping related to multiple social media username parameters. Attackers can exploit this vulnerability to inject malicious web scripts. These scripts can execute whenever a user accesses an affected page, potentially leading to unauthorized actions and data exposure for users interacting with the compromised pages.

Affected Version(s)

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers * <= 1.12.19

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/rafflepress/ta...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

Naoya Takahashi

JSON