Vulnerabilities for Wechat reward (...) - CXSECURITY.COM

Vulnerabilities for 'Wechat reward'

2021-10-18

CVE-2021-24615

CWE-352

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.

Copyright 2024, cxsecurity.com