CVE-2021-24615

Name of the Vulnerable Software and Affected Versions Wechat Reward WordPress plugin versions 1.7 and earlier

Description The issue allows attackers to make a logged-in admin change the settings and perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of its QR settings and the absence of a CSRF check.

Recommendations For Wechat Reward WordPress plugin versions 1.7 and earlier, update to a version that addresses the issue, as the current version does not sanitise or escape its QR settings and lacks a CSRF check, allowing for Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.