Lucene search
WPScanVULNRICHMENT:CVE-2024-7822HistorySep 12, 2024 - 6:00 a.m.
CVE-2024-7822 Quick Code <= 1.0 - Stored XSS via CSRF
2024-09-1206:00:05
WPScan
github.com
cve-2024-7822
quick code
wordpress
stored xss
csrf
sanitisation
escaping
attackers
admin
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
17.7%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:quick_code:quick_code:*:*:*:*:*:*:*:*"
],
"vendor": "quick_code",
"product": "quick_code",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "1.0"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-7822
2024-09-12 06:15:24
nvd
nvd
CVE-2024-7822
2024-09-12 06:15:24
cvelist
cvelist
CVE-2024-7822 Quick Code <= 1.0 - Stored XSS via CSRF
2024-09-12 06:00:05
wordfence
wordfence
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
17.7%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-7822