CVE-2021-24595

MEDIUM

Wp Cookie Choice < 1.1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting


Description

The Wp Cookie Choice WordPress plugin through 1.1.0 lacks any CSRF check when saving its options and does not escape them when outputting them in attributes. As a result, an attacker could make a logged-in admin change them to arbitrary values, including XSS payloads, via a CSRF attack.

Scores

CVSS v3 6.5
EPSS 0.0051
EPSS Percentile 39.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
wp_cookie_choice_project/wp_cookie_choice < 1.1.0
Published Oct 18, 2021
Tracked Since Feb 18, 2026