CVE-2021-24853
MEDIUM 4.3
Description
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as a subscriber, to change the redirect response status code of arbitrary QR Redirects.
CVE Details
CVSS v3.1 Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 11/17/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
qr_redirector_project:qr_redirector
Weaknesses (CWE)
CWE-284, CWE-352
References
https://wpscan.com/vulnerability/240bed24-0315-4bbf-ba17-e4947e5ecacb (contact@wpscan.com)
https://wpscan.com/vulnerability/240bed24-0315-4bbf-ba17-e4947e5ecacb (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.