Skip to main content

Qr Redirector

3 CVEs product

Monthly

CVE-2026-24545 MEDIUM This Month

Missing authorization in the QR Redirector WordPress plugin (versions through 2.0.3) exposes redirect management functionality to authenticated low-privileged users who lack the appropriate capability checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms any authenticated WordPress user - including subscribers or contributors - can exploit this flaw remotely without user interaction. No public exploit code exists and no active exploitation has been identified; EPSS at 0.03% (8th percentile) and SSVC exploitation status of 'none' place this at low operational priority for most environments.

Authentication Bypass Qr Redirector
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2021-24854 MEDIUM POC This Month

The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qr Redirector
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24853 MEDIUM POC This Month

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Qr Redirector
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization in the QR Redirector WordPress plugin (versions through 2.0.3) exposes redirect management functionality to authenticated low-privileged users who lack the appropriate capability checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms any authenticated WordPress user - including subscribers or contributors - can exploit this flaw remotely without user interaction. No public exploit code exists and no active exploitation has been identified; EPSS at 0.03% (8th percentile) and SSVC exploitation status of 'none' place this at low operational priority for most environments.

Authentication Bypass Qr Redirector
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qr Redirector
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy