The QR Redirector WordPress plugin prior to 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qr redirector project qr redirector |