CVE-2022-3847

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
showing_url_in_qr_code_projectshowing_url_in_qr_code
0.0.1
𝑥
= Vulnerable software versions
References
https://bulletin.iese.de/post/get-site-to-phone-by-qr-code_0-0-1/
https://wpscan.com/vulnerability/a70ad549-2e09-44fb-b894-4271ad4a84f6
https://bulletin.iese.de/post/get-site-to-phone-by-qr-code_0-0-1/
https://wpscan.com/vulnerability/a70ad549-2e09-44fb-b894-4271ad4a84f6