CVE-2021-24615 - Unspecified vulnerability in Wechat Reward Project Wechat Reward 1.7

CVSS 5.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
network
low complexity
wechat-reward-project

Summary

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings and has no CSRF check in place, allowing attackers to make a logged-in admin change the settings and perform Cross-Site Scripting attacks.

Vulnerable Configurations

Part | Description | Count
Application | Wechat_Reward_Project | 2