CVE-2025-23864

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 16, 2025
CWE ID 79

Summary

CVE-2025-23864 is a Cross-site Scripting (XSS) vulnerability affecting the WCS QR Code Generator component of WP Code Snippets (Luke America). An attacker can exploit this flaw by injecting malicious code into web pages generated by the affected component, leading to unintended execution of scripts in users' browsers. Successful exploitation allows attackers to steal sensitive information or take control of users' sessions. This issue affects WCS QR Code Generator versions from n/a through 1.0. It is essential for users to apply the available patch or upgrade to a version free from this vulnerability to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share