The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload usedCreditsyangshengcheng@webray.com.cn incReferenceshttps://wpscan.com/vulnerability/37554d0e-68e2-4df9-8c59-65f5cd7f184e
