CVE-2021-47957

WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Cookielawinfo · Cookie Law Bar

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/49905unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wordpress.org/plugins/cookie-law-bar/https://www.cookielawinfo.com/wordpress-plugin/https://www.exploit-db.com/exploits/49905 https://www.vulncheck.com/advisories/wordpress-plugin-cookie-law-bar-stored-xss-via-clb-bar-msg