Description
WordPress Plugin Jayj Quicktag is prone to multiple vulnerabilities, including PHP object injection and cross-site request forgery vulnerabilities. A successful exploit may allow an attacker to execute arbitrary PHP code within the context of the affected webserver process or to perform certain administrative actions; other attacks are also possible. WordPress Plugin Jayj Quicktag version 1.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.2 or latest
References
Related Vulnerabilities
PHP Out-of-bounds Read Vulnerability (CVE-2020-7060)
WordPress Plugin JS MultiHotel Cross-Site Scripting (2.2.1)
WordPress Plugin RSVP and Event Management Cross-Site Scripting (2.3.7)
Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)