CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 4.3

References

https://wpscan.com/vulnerability/9d48313b-76d7-4252-9b81-2fdd0373561b
https://wpscan.com/vulnerability/9d48313b-76d7-4252-9b81-2fdd0373561b

Products affected by CVE-2021-24615

Wechat Reward Project » Wechat Reward » Version: N/A

cpe:2.3:a:wechat_reward_project:wechat_reward:-
Wechat Reward Project » Wechat Reward » Version: 1.7

cpe:2.3:a:wechat_reward_project:wechat_reward:1.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24615

Products

Pricing

Contact Us