CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.
References
Configurations

Configuration 1

cpe:2.3:a:wechat_reward_project:wechat_reward:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-10-18 02:15

Updated : 2022-11-09 09:50


NVD link : CVE-2021-24615

Mitre link : CVE-2021-24615

Products Affected
No products.