
听雨眠

#47059 of 53,633
5.4 Total CVSS
Vulnerabilities · 1
PT-2021-16131
5.4
2021-10-18
WordPress · Wechat Reward Wordpress Plugin · CVE-2021-24615
**Name of the Vulnerable Software and Affected Versions**

Wechat Reward WordPress plugin versions 1.7 and earlier

**Description**

The plugin does not sanitize or escape its QR settings and has no CSRF check. This allows attackers to make a logged-in admin change the settings and perform Cross-Site Scripting attacks.

**Recommendations**

Update the Wechat Reward WordPress plugin from versions 1.7 and earlier to a version that addresses the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.