CVE-2021-24615

CVE-2021-24615: Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

Vendor Unknown

Product 微信打赏（Wechat Reward)

Weakness CWE-352 · CSRF

Published October 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

October 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24615

Related vulnerabilities

04Related CVE

CVE-2025-32276 WordPress Administrator Z plugin <= 2026.03.02 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-23793 WordPress Auto FTP plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability CVE-2022-1577 Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF CVE-2025-60093 WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2025-26580 WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability