WordPress QR Code Composer Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software QR Code Composer Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32560 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b079e25db67 Credits stealthcopter Required privileg...

CVE-2022-3847

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack...