Vulnerabilities > QR Redirector Project

DATE CVE VULNERABILITY TITLE RISK
2021-11-17 CVE-2021-24853 Cross-Site Request Forgery (CSRF) vulnerability in QR Redirector Project QR Redirector
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects
4.3
2021-11-17 CVE-2021-24854 Cross-site Scripting vulnerability in QR Redirector Project QR Redirector
The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks.
3.5