The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack
References
Link | Resource |
---|---|
https://bulletin.iese.de/post/get-site-to-phone-by-qr-code_0-0-1/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/a70ad549-2e09-44fb-b894-4271ad4a84f6 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-11-28T13:50:08.559Z
Updated: 2022-12-02T11:10:58.435Z
Reserved: 2022-11-03T09:31:03.480Z
Link: CVE-2022-3847
JSON object: View
NVD Information
Status : Modified
Published: 2022-11-28T14:15:17.110
Modified: 2023-11-07T03:51:52.860
Link: CVE-2022-3847
JSON object: View
Redhat Information
No data.
CWE
No CWE.