CVE-2024-7822 Quick Code <= 1.0 - Stored XSS via CSRF

2024-09-1206:00:05

WPScan

www.cve.org

wordpress

csrf

vulnerability

stored xss

attack

plugin

EPSS

0.001

Percentile

17.7%

JSON

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Quick Code",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.0"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273/

EPSS

0.001

Percentile

17.7%

JSON

Related for CVELIST:CVE-2024-7822