Cross site request forgery (csrf)

2022-11-2814:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

csrf

xss

sanitization

attacker

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack

CPENameOperatorVersion
showing_url_in_qr_codeeq0.0.1

CPE	Name	Operator	Version
	showing_url_in_qr_code	eq	0.0.1

References

bulletin.iese.de/post/get-site-to-phone-by-qr-code_0-0-1/

wpscan.com/vulnerability/a70ad549-2e09-44fb-b894-4271ad4a84f6