CVE-2021-47957

MEDIUM

WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47957. PoCs published by Mesut Cetin.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in the WordPress Cookie Law Bar plugin (v1.2.1) by injecting malicious JavaScript into the 'Bar Message' field, which executes when users browse WordPress pages.

Description

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration.

Exploits (1)

exploitdb WORKING POC
by Mesut Cetin · text · webapps · php
https://www.exploit-db.com/exploits/49905

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Cookie Law Bar 1.2.1
Auth required
Prerequisites: Authenticated access to WordPress admin panel
devstral-2 · analyzed May 16, 2026

References (4)

Core References
Exploit: ExploitDB-49905
https://www.exploit-db.com/exploits/49905
Product: Official Product Homepage
https://www.cookielawinfo.com/wordpress-plugin/
Product: Product Reference
https://wordpress.org/plugins/cookie-law-bar/
Third Party Advisory: VulnCheck Advisory: WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg
https://www.vulncheck.com/advisories/wordpress-plugin-cookie-law-bar-stored-xss-via-clb-bar-msg

Scores

CVSS v3 6.4
EPSS 0.0020
EPSS Percentile 9.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Cookielawinfo/Cookie Law Bar 1.2.1
Published May 16, 2026
Tracked Since May 16, 2026