Filtered by vendor Wp Cookie Choice Project Subscriptions
Filtered by product Wp Cookie Choice Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-24595 1 Wp Cookie Choice Project 1 Wp Cookie Choice 2024-11-21 6.5 Medium
The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack.