Vulnerabilities > CVE-2021-24618 - Unspecified vulnerability in Wbolt Donate With Qrcode

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wbolt

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack.

Vulnerable Configurations

Part	Description	Count
Application	Wbolt Wbolt Donate With Qrcode *	1

References

https://wpscan.com/vulnerability/d50b801a-16b5-45e9-a465-e3bb0445cb49
https://wpscan.com/vulnerability/d50b801a-16b5-45e9-a465-e3bb0445cb49