Lucene search
K

4 matches found

OSV
OSV
added 2021/09/20 10:15 a.m.4 views

CVE-2021-24618

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...

5.4CVSS5.8AI score0.00374EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/09/20 10:6 a.m.22 views

CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...

5.5AI score0.00374EPSS
Exploits2References1
CVE
CVE
added 2021/09/20 10:6 a.m.52 views

CVE-2021-24618

The CVE-2021-24618 entry concerns the Donate With QRCode WordPress plugin (versions before 1.4.5). The issue is a Stored XSS in the QRCode Image setting caused by inadequate sanitisation/escaping, compounded by missing CSRF and capability checks when saving the setting. This allows an authenticat...

5.4CVSS5.3AI score0.00374EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/09/20 12:0 a.m.6 views

PT-2021-16134 · WordPress · Donate With Qrcode

Name of the Vulnerable Software and Affected Versions: Donate With QRCode WordPress plugin versions prior to 1.4.5 Description: The issue is related to a Stored Cross-Site Scripting XSS attack. The plugin does not sanitise or escape its QRCode Image setting, allowing any authenticated user, or...

5.4CVSS5.3AI score0.00374EPSS
Exploits2References5
Rows per page
Query Builder