Simple Giveaways – Grow your business, email lists and traffic with contests Security & Risk Analysis

wordpress.org/plugins/giveasap

Create a Simple Giveaway or Giveaways and grow your email list. Embed them in a post or in a sidebar to increase the conversion.

500 active installs · v2.49.0 · PHP + WP 4.0+ · Updated Jan 15, 2026
Tags: competition, contest, giveaway, sweepstake, sweepstakes

Score: 70 (B · Generally Safe)
CVEs total: 9
Unpatched: 1
Last CVE: May 7, 2025

Safety Verdict

Is Simple Giveaways – Grow your business, email lists and traffic with contests Safe to Use in 2026?

Mostly Safe

Score 70/100

Simple Giveaways – Grow your business, email lists and traffic with contests is generally safe to use. 9 past CVEs were resolved. Keep it updated.

9 known CVEs · 1 unpatched · Last CVE: May 7, 2025 · Updated 2mo ago

Risk Assessment

The "giveasap" v2.49.0 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like prepared statement usage for SQL queries (94%) and output escaping (90%), significant concerns arise from the identified attack surface and taint analysis. The presence of 15 AJAX handlers, with 2 lacking authentication checks, represents a direct entry point for potential attacks. This is further exacerbated by 14 high-severity taint flows, indicating potential vulnerabilities where unsanitized input could be processed in a dangerous manner. The plugin's vulnerability history is also a cause for concern, with a total of 9 known CVEs, including one currently unpatched high-severity vulnerability. The common types of past vulnerabilities (SQL Injection, CSRF, XSS, Missing Authorization) align with the risks suggested by the static and taint analysis, pointing to recurring weaknesses in input validation and authorization.

Despite some positive security indicators, the unpatched high-severity vulnerability, the unprotected AJAX endpoints, and the significant number of high-severity taint flows collectively present a substantial risk. The pattern of past vulnerabilities suggests that the developers may struggle with consistently implementing robust security measures, particularly around handling user-supplied data and enforcing proper access controls. While the plugin's reliance on prepared statements and output escaping is commendable, these strengths are overshadowed by the critical need to address the identified vulnerabilities and strengthen its overall authorization and input sanitization mechanisms. It is strongly recommended that users update to a version that addresses the unpatched CVE and that further security audits be conducted to mitigate the risks highlighted by the static and taint analysis.

Key Concerns

  • Unpatched high-severity CVE
  • High severity taint flows (14)
  • Unprotected AJAX handlers (2)
  • Flows with unsanitized paths (16)
  • Bundled Freemius v1.0 (potentially outdated)

Vulnerabilities (9)

Simple Giveaways – Grow your business, email lists and traffic with contests Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2021: 1 CVE
  • 2023: 5 CVEs
  • 2025: 2 CVEs · unpatched

Severity Breakdown

  • High: 1
  • Medium: 8

9 total CVEs

CVE-2025-47606 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Simple Giveaways <= 2.48.2 - Cross-Site Request Forgery
May 7, 2025 · Unpatched

CVE-2025-30819 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Simple Giveaways <= 2.48.1 - Authenticated (Contributor+) SQL Injection
Mar 27, 2025 · Patched in 2.48.2 (8d)

CVE-2023-23893 · medium · 6.5 · Missing Authorization
Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions
Jul 4, 2023 · Patched in 2.46.1 (203d)

CVE-2023-31086 · medium · 5.4 · Cross-Site Request Forgery (CSRF)
Simple Giveaways <= 2.46 - Cross-Site Request Forgery
Apr 24, 2023 · Patched in 2.46.1 (274d)

CVE-2023-1122 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple Giveaways <= 2.45.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Form, Prize, and Sharing Method Fields
Mar 20, 2023 · Patched in 2.45.1 (309d)

CVE-2023-1120 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple Giveaways <= 2.45.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
Mar 20, 2023 · Patched in 2.45.1 (309d)

CVE-2023-1121 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple Giveaways <= 2.45.0 - Authenticated(Admin+) Stored Cross-Site Scripting via form fields
Mar 20, 2023 · Patched in 2.45.1 (309d)

CVE-2021-24298 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple Giveaways <= 2.36.1 - Reflected Cross-Site Scripting
May 9, 2021 · Patched in 2.36.2 (989d)

WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-giveasap · high · 8.8 · Missing Authorization
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update
Feb 25, 2019 · Patched in 2.18.0 (1793d)

Code Analysis
Analyzed Mar 16, 2026

Simple Giveaways – Grow your business, email lists and traffic with contests Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 5 (82 prepared)
  • Unescaped Output: 172 (1470 escaped)
  • Nonce Checks: 16
  • Capability Checks: 19
  • File Operations: 4
  • External Requests: 5
  • Bundled Libraries: 3

Bundled Libraries

Select2, Freemius 1.0, TinyMCE

SQL Query Safety

94% prepared · 87 total queries

Output Escaping

90% escaped · 1642 total outputs

Data Flows (16 unsanitized)

Data Flow Analysis

25 flows · 16 with unsanitized paths
giveasap_user_list_screen (admin\admin-screens.php:344)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface (2 unprotected)

Simple Giveaways – Grow your business, email lists and traffic with contests Attack Surface

Entry Points: 20
Unprotected: 2

AJAX Handlers 15

auth · wp_ajax_giveasap_activate_integration · admin\ajax.php:11
auth · wp_ajax_giveasap_deactivate_integration · admin\ajax.php:12
auth · wp_ajax_sg_get_giveaway_form_fields · admin\ajax.php:103
auth · wp_ajax_sg_get_available_giveaways · admin\ajax.php:142
auth · wp_ajax_sg_get_giveaways · admin\ajax.php:170
auth · wp_ajax_sg_import_site_users · admin\ajax.php:203
auth · wp_ajax_sg_extra_action_check · includes\functions-extra-actions.php:10
nopriv · wp_ajax_sg_extra_action_check · includes\functions-extra-actions.php:11
auth · wp_ajax_sg_extra_action_complete · includes\functions-extra-actions.php:73
nopriv · wp_ajax_sg_extra_action_complete · includes\functions-extra-actions.php:74
auth · wp_ajax_giveasap_get_prize_threshold · includes\giveasap-template-functions.php:1535
nopriv · wp_ajax_giveasap_get_prize_threshold · includes\giveasap-template-functions.php:1536
auth · wp_ajax_automatorwp_get_giveasap_giveaways · includes\integrations\class-sg-automatorwp.php:49
nopriv · wp_ajax_sg_facebook_login · includes\integrations\class-sg-facebook.php:42
auth · wp_ajax_sg_facebook_login · includes\integrations\class-sg-facebook.php:43

Shortcodes 5

[giveaway] includes\shortcode.php:19
[giveaway_popup] includes\shortcode.php:20
[giveaway_winners] includes\shortcode.php:21
[giveaway_leaderboard] includes\shortcode.php:22
[giveaway_archive] includes\shortcode.php:23

WordPress Hooks 184

filter · post_updated_messages · admin\admin-screens.php:15
action · admin_notices · admin\admin-screens.php:62
action · admin_init · admin\admin-screens.php:78
action · admin_init · admin\admin-screens.php:124
action · admin_init · admin\admin-screens.php:169
action · admin_init · admin\admin-screens.php:215
action · admin_enqueue_scripts · admin\class-sg-dashboard-widget.php:16
action · admin_init · admin\class-sg-dashboard-widget.php:17
action · wp_dashboard_setup · admin\class-sg-dashboard-widget.php:26
filter · postbox_classes_dashboard_sg-dashboard-overview · admin\class-sg-dashboard-widget.php:33
action · admin_init · admin\class-sg-permalink-settings.php:9
action · admin_init · admin\class-sg-permalink-settings.php:10
action · add_meta_boxes · admin\custom-metabox.php:18
action · admin_init · admin\custom-metabox.php:254
action · admin_init · admin\custom-metabox.php:291
action · admin_init · admin\custom-metabox.php:331
action · admin_init · admin\custom-metabox.php:416
action · admin_init · admin\custom-metabox.php:447
action · admin_init · admin\custom-metabox.php:475
action · admin_init · admin\custom-metabox.php:583
action · admin_init · admin\custom-metabox.php:674
action · admin_init · admin\custom-metabox.php:788
action · save_post_giveasap · admin\custom-metabox.php:895
action · giveasap_metabox_object_giveasap_text · admin\giveasap-cpt-metabox.php:7
action · gasap_metabox_giveasap_schedule_before_fields · admin\giveasap-cpt-metabox.php:21
action · save_post · admin\giveasap-cpt-schedule.php:9
action · save_post_giveasap · admin\giveasap-cpt-schedule.php:39
action · init · giveasap.php:79
action · load-post.php · giveasap.php:197
action · load-post-new.php · giveasap.php:198
action · save_post · giveasap.php:199
action · admin_enqueue_scripts · giveasap.php:228
filter · giveasap_the_content · giveasap.php:229
filter · giveasap_the_content · giveasap.php:230
filter · giveasap_the_content · giveasap.php:231
filter · giveasap_the_content · giveasap.php:232
filter · giveasap_the_content · giveasap.php:233
filter · giveasap_the_content · giveasap.php:235
filter · giveasap_the_content · giveasap.php:237
filter · giveasap_the_content · giveasap.php:239
filter · giveasap_the_content · giveasap.php:241
filter · giveasap_the_content · giveasap.php:242
filter · embed_oembed_html · giveasap.php:244
action · widgets_init · giveasap.php:245
action · init · giveasap.php:246
action · init · giveasap.php:247
action · plugins_loaded · giveasap.php:248
filter · giveasap_sharing_methods · giveasap.php:249
action · wp_enqueue_scripts · giveasap.php:250
action · init · giveasap.php:253
filter · template_include · giveasap.php:318
action · init · giveasap.php:319
action · init · giveasap.php:320
action · plugins_loaded · giveasap.php:847
filter · wp_privacy_personal_data_exporters · includes\class-ga-gdpr.php:17
filter · wp_privacy_personal_data_erasers · includes\class-ga-gdpr.php:18
action · admin_init · includes\class-ga-gdpr.php:21
filter · wp_get_default_privacy_policy_content · includes\class-ga-gdpr.php:23
action · wp_head · includes\class-giveasap-front.php:1063
action · admin_menu · includes\class-menu.php:66
filter · set-screen-option · includes\class-menu.php:69
action · sg_prizes_field_table_tbody_columns · includes\class-prizes.php:16
filter · sg_winner_email_text · includes\class-prizes.php:17
filter · sg_show_winner_name · includes\class-prizes.php:18
action · enqueue_block_editor_assets · includes\class-sg-blocks.php:15
filter · block_categories · includes\class-sg-blocks.php:18
filter · block_categories_all · includes\class-sg-blocks.php:20
action · init · includes\class-sg-blocks.php:23
action · customize_register · includes\class-sg-customizer.php:35
filter · customize_section_active · includes\class-sg-customizer.php:36
filter · customize_panel_active · includes\class-sg-customizer.php:37
action · template_include · includes\class-sg-customizer.php:38
action · customize_controls_enqueue_scripts · includes\class-sg-customizer.php:39
action · customize_preview_init · includes\class-sg-customizer.php:40
action · init · includes\class-sg-customizer.php:41
filter · wp_mail_from · includes\class-sg-email.php:68
filter · wp_mail_from_name · includes\class-sg-email.php:69
filter · wp_mail_content_type · includes\class-sg-email.php:70
action · sg_metaboxes_before_register · includes\class-sg-extra-actions.php:20
action · admin_footer · includes\class-status.php:103
filter · template_include · includes\functions-email.php:206
action · giveasap_the_form_end · includes\functions-extra-actions.php:239
action · init · includes\giveasap-cpt.php:61
action · giveasap_has_ended · includes\giveasap-functions.php:64
action · giveasap_remind_subscribers · includes\giveasap-functions.php:75
action · add_meta_boxes · includes\giveasap-metabox.php:24
action · add_meta_boxes · includes\giveasap-metabox.php:188
action · save_post · includes\giveasap-metabox.php:189
action · giveasap_the_form_end · includes\giveasap-template-functions.php:584
action · giveasap_form_before · includes\giveasap-template-functions.php:602
action · sg_box_header · includes\giveasap-template-functions.php:700
action · sg_box_header · includes\giveasap-template-functions.php:750
action · sg_box_header · includes\giveasap-template-functions.php:795
filter · giveasap_render_form_field_atts · includes\giveasap-template-functions.php:811
action · giveasap_box_footer · includes\giveasap-template-functions.php:1038
action · giveasap_box_shortcode_footer · includes\giveasap-template-functions.php:1120
action · sg_footer · includes\giveasap-template-functions.php:1387
action · sg_header · includes\giveasap-template-functions.php:1388
action · sg_header · includes\giveasap-template-functions.php:1389
action · giveasap_form_after · includes\giveasap-template-functions.php:1391
action · giveasap_form_before_default · includes\giveasap-template-functions.php:1442
action · giveasap_the_form_end · includes\giveasap-template-functions.php:1454
action · giveasap_after_prize_threshold_inner · includes\giveasap-template-functions.php:1534
action · after_setup_theme · includes\integrations\abstracts\class-automatorwp-base-action.php:30
action · after_setup_theme · includes\integrations\abstracts\class-automatorwp-base-trigger.php:31
action · after_setup_theme · includes\integrations\abstracts\class-automatorwp-base-trigger.php:34
filter · giveasap_register_user_status · includes\integrations\automatorwp\actions\class-subscribe.php:223
filter · sg_skip_form_fields_validation · includes\integrations\automatorwp\actions\class-subscribe.php:224
filter · sg_process_captcha · includes\integrations\automatorwp\actions\class-subscribe.php:225
filter · automatorwp_user_completed_action_log_meta · includes\integrations\automatorwp\actions\class-subscribe.php:253
filter · automatorwp_log_fields · includes\integrations\automatorwp\actions\class-subscribe.php:256
filter · automatorwp_user_completed_trigger_log_meta · includes\integrations\automatorwp\class-anonymous-subscribed.php:88
filter · automatorwp_user_completed_trigger_log_meta · includes\integrations\automatorwp\class-anonymous-winners-notified.php:98
filter · automatorwp_user_completed_trigger_log_meta · includes\integrations\automatorwp\class-subscribed.php:92
filter · automatorwp_user_completed_trigger_log_meta · includes\integrations\automatorwp\class-winners-notified.php:99
filter · giveasap_integrations · includes\integrations\class-ga-active-campaign.php:74
filter · giveasap_integrations · includes\integrations\class-ga-aweber.php:109
filter · giveasap_integrations · includes\integrations\class-ga-convertkit.php:109
filter · giveasap_integrations · includes\integrations\class-ga-mailchimp.php:109
filter · giveasap_integrations · includes\integrations\class-ga-mailpoet.php:109
action · automatorwp_init · includes\integrations\class-sg-automatorwp.php:37
action · after_setup_theme · includes\integrations\class-sg-automatorwp.php:40
action · admin_footer · includes\integrations\class-sg-automatorwp.php:45
action · automatorwp_automation_ui_after_integration_triggers_choices · includes\integrations\class-sg-automatorwp.php:46
filter · automatorwp_get_trigger_tag_replacement · includes\integrations\class-sg-automatorwp.php:48
filter · giveasap_integrations · includes\integrations\class-sg-automatorwp.php:329
filter · giveasap_integrations · includes\integrations\class-sg-brevo.php:109
filter · giveasap_integrations · includes\integrations\class-sg-buddypress.php:30
filter · giveasap_integrations · includes\integrations\class-sg-daily-entries.php:31
filter · giveasap_integrations · includes\integrations\class-sg-drip.php:47
filter · giveasap_integrations · includes\integrations\class-sg-edd.php:45
filter · giveasap_integrations · includes\integrations\class-sg-elementor.php:29
action · sg_process_registration · includes\integrations\class-sg-facebook.php:39
action · giveasap_register_user · includes\integrations\class-sg-facebook.php:40
action · sg_form_before_button · includes\integrations\class-sg-facebook.php:41
filter · sg_localized_array · includes\integrations\class-sg-facebook.php:44
filter · sg_process_captcha · includes\integrations\class-sg-facebook.php:45
filter · sg_hidden_subscriber_meta · includes\integrations\class-sg-facebook.php:46
action · giveasap_form_fields_table_tbody_columns · includes\integrations\class-sg-facebook.php:47
filter · giveasap_register_user_status · includes\integrations\class-sg-facebook.php:234
filter · sg_skip_form_fields_validation · includes\integrations\class-sg-facebook.php:235
filter · giveasap_integrations · includes\integrations\class-sg-facebook.php:583
filter · giveasap_integrations · includes\integrations\class-sg-fluentcrm.php:47
filter · gamipress_specific_activity_trigger_label · includes\integrations\class-sg-gamipress.php:34
filter · gamipress_activity_triggers · includes\integrations\class-sg-gamipress.php:35
filter · gamipress_specific_activity_triggers · includes\integrations\class-sg-gamipress.php:36
action · giveasap_register_user · includes\integrations\class-sg-gamipress.php:37
filter · gamipress_log_event_trigger_meta_data · includes\integrations\class-sg-gamipress.php:38
filter · gamipress_specific_trigger_get_id · includes\integrations\class-sg-gamipress.php:39
filter · gamipress_trigger_duplicity_check · includes\integrations\class-sg-gamipress.php:40
action · giveasap_notify_winners · includes\integrations\class-sg-gamipress.php:41
filter · giveasap_integrations · includes\integrations\class-sg-gamipress.php:206
filter · giveasap_integrations · includes\integrations\class-sg-give.php:45
filter · giveasap_integrations · includes\integrations\class-sg-mailerlite.php:109
filter · giveasap_integrations · includes\integrations\class-sg-mailster.php:108
action · giveasap_page_init · includes\integrations\class-sg-math-captcha.php:21
action · sg_process_registration · includes\integrations\class-sg-math-captcha.php:22
action · sg_form_before_button · includes\integrations\class-sg-math-captcha.php:23
filter · giveasap_integrations · includes\integrations\class-sg-math-captcha.php:118
filter · giveasap_integrations · includes\integrations\class-sg-mycred.php:42
filter · giveasap_integrations · includes\integrations\class-sg-notifications.php:62
filter · giveasap_integrations · includes\integrations\class-sg-twitter.php:73
filter · giveasap_integrations · includes\integrations\class-sg-wc-follow-up-emails.php:47
action · sg_metaboxes_before_register · includes\integrations\class-sg-webhooks.php:33
action · giveasap_register_user · includes\integrations\class-sg-webhooks.php:35
filter · sg_giveaway_meta_settings · includes\integrations\class-sg-webhooks.php:37
filter · giveasap_integrations · includes\integrations\class-sg-webhooks.php:356
filter · giveasap_integrations · includes\integrations\class-sg-woocommerce.php:45
filter · giveasap_integrations · includes\integrations\class-sg-wpforms.php:74
filter · giveasap_integrations · includes\integrations\class-sg-zero-bounce.php:45
action · giveasap_register_user · includes\register-actions.php:14
action · giveasap_register_user · includes\register-actions.php:39
action · giveasap_activated_user · includes\register-actions.php:84
action · giveasap_register_user · includes\register-actions.php:108
action · giveasap_register_user · includes\register-actions.php:120
action · giveasap_update_user_entry · includes\register-actions.php:130
action · giveasap_update_user_entry · includes\register-actions.php:143
filter · sg_giveaway_supports · includes\register-actions.php:227
action · sg_referrer_awarded_points · includes\register-actions.php:260
action · sg_referrer_awarded_points · includes\register-actions.php:278
filter · sg_giveaway_redirect_entry_link · includes\register-actions.php:304
action · init · includes\shortcode.php:10
filter · sg_giveaway_displaying_entries · includes\shortcode.php:272
filter · sg_giveaway_collecting_entries · includes\shortcode.php:692

Scheduled Events 2

giveasap_has_ended
giveasap_remind_subscribers
Maintenance & Trust

Simple Giveaways – Grow your business, email lists and traffic with contests Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 15, 2026
PHP min version
Downloads: 95K

Community Trust

Rating: 92/100
Number of ratings: 20
Active installs: 500

Developer Profile

Simple Giveaways – Grow your business, email lists and traffic with contests Developer Profile

Igor Benic

12 plugins · 2K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 479 days

Detection Fingerprints

How We Detect Simple Giveaways – Grow your business, email lists and traffic with contests

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/giveasap/assets/css/admin.css
/wp-content/plugins/giveasap/assets/css/giveasap-frontend.css
/wp-content/plugins/giveasap/assets/js/giveasap-frontend.js
/wp-content/plugins/giveasap/assets/js/giveasap-admin.js

Script Paths
/wp-content/plugins/giveasap/assets/js/giveasap-frontend.js
/wp-content/plugins/giveasap/assets/js/giveasap-admin.js

Version Parameters
giveasap/assets/css/admin.css?ver=
giveasap/assets/css/giveasap-frontend.css?ver=
giveasap/assets/js/giveasap-frontend.js?ver=
giveasap/assets/js/giveasap-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
giveasap_page
giveasap-frontend
giveasap-settings-page
giveasap-giveaway-list

Data Attributes
data-giveasap-id

JS Globals
giveasap_frontend_params

REST Endpoints
/wp-json/giveasap/v1/giveaway

Shortcode Output
[giveasap_giveaway]
[giveasap_giveaway_list]