2 matches found
CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...
CVE-2021-24618
The CVE-2021-24618 entry concerns the Donate With QRCode WordPress plugin (versions before 1.4.5). The issue is a Stored XSS in the QRCode Image setting caused by inadequate sanitisation/escaping, compounded by missing CSRF and capability checks when saving the setting. This allows an authenticat...