4 matches found
CVE-2021-24618
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...
CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...
CVE-2021-24618
The CVE-2021-24618 entry concerns the Donate With QRCode WordPress plugin (versions before 1.4.5). The issue is a Stored XSS in the QRCode Image setting caused by inadequate sanitisation/escaping, compounded by missing CSRF and capability checks when saving the setting. This allows an authenticat...
PT-2021-16134 · WordPress · Donate With Qrcode
Name of the Vulnerable Software and Affected Versions: Donate With QRCode WordPress plugin versions prior to 1.4.5 Description: The issue is related to a Stored Cross-Site Scripting XSS attack. The plugin does not sanitise or escape its QRCode Image setting, allowing any authenticated user, or...