3 matches found
CVE-2021-24853
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects...
CVE-2021-24853 QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects...
CVE-2021-24853
The CVE-2021-24853 issue affects the WordPress QR Redirector plugin (versions before 1.6). The core vulnerability is missing capability and CSRF checks on the qr_save_bulk AJAX action during bulk QR Redirector settings saves, enabling any authenticated user (e.g., a subscriber) to alter the redir...