Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2021-24854 - Qr Redirector Plugin

The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks.

PLUGIN Qr Redirector

CVE-2021-24854

MEDIUM CVSS 5.4 2021-11-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24853 - Qr Redirector Plugin

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects

PLUGIN Qr Redirector

CVE-2021-24853

MEDIUM CVSS 4.3 2021-11-17

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2021-24854 - Qr Redirector Plugin

CVE-2021-24853 - Qr Redirector Plugin

Company Links

Contact Us