CVE-2021-24653

Summary

The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Affected Software

VendorProductVersion RangeStatus
UnknownCookie Bar1.8.9 < 1.8.9affected

Weaknesses

  • CWE-79: CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References