CVE-2021-24618

Target: Not reported

Description

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in Stored Cross-Site Scripting (XSS). Furthermore, the plugin does not have any CSRF or capability checks in place when saving this setting, allowing any authenticated user (as low as subscriber), or an unauthenticated user via a CSRF vector, to update it and perform such an attack.

Software
Not reported
Software type
Plugin
CVE
CVE-2021-24618
Tags
Not reported
Publication date
20/09/2021
Last updated
21/12/2022
CVSS 3.0 score
5.4
Medium