PT-2024-10890 · WordPress · Qyrr Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Qyrr WordPress plugin versions prior to 0.7 Description: The issue allows for Cross-Site Scripting attacks due to the failure to escape the data-uri of the QR Code when outputting it in a src attribute. Additionally, the data uri to meta AJAX...