The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
References
History
No history.
![cve-icon](/static/img/cve-icon.png)
Status: PUBLISHED
Assigner: WPScan
Published: 2021-10-18T13:45:44
Updated: 2024-08-03T19:35:20.227Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24595
![cve-icon](/static/img/cisa-icon.png)
No data.
![cve-icon](/static/img/nvd-icon.png)
Status : Modified
Published: 2021-10-18T14:15:09.157
Modified: 2024-11-21T05:53:22.570
Link: CVE-2021-24595
![cve-icon](/static/img/redhat-icon.png)
No data.