cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-24854,https://securityvulnerability.io/vulnerability/CVE-2021-24854,QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting,"The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks.",Wordpress,Qr Redirector,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-11-17T10:15:58.000Z,0
CVE-2021-24853,https://securityvulnerability.io/vulnerability/CVE-2021-24853,QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update,"The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects",Wordpress,Qr Redirector,4.3,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,2021-11-17T10:15:57.000Z,0