CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49646 – WordPress Code Generate plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49646
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ioannup Code Generate allows Reflected XSS.This issue affects Code Generate: from n/a through 1.0. The Code Generate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/code-generator/wordpress-code-generate-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-24992
https://notcve.org/view.php?id=CVE-2022-24992
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. Una vulnerabilidad en el componente process.php de QR Code Generator versión v5.2.7, permite a atacantes llevar a cabo un salto de directorios • https://github.com/n0lsecurity/CVE-2022-24992 http://qrcdr.com https://codecanyon.net/item/qrcdr-responsive-qr-code-generator/9226839 https://n0lsec.medium.com/qrcdr-path-traversal-vulnerability-bb89acc0c100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •