Vulnerabilities > CVE-2021-24653 - Unspecified vulnerability in Cookie-Bar Project Cookie-Bar 1.8.8

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

cookie-bar-project

NVD

Published: 2021-10-25

Updated: 2024-11-21

Summary

The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Vulnerable Configurations

Part	Description	Count
Application	Cookie-Bar_Project Cookie BAR Project Cookie BAR - Cookie BAR Project Cookie BAR 1.8.8	2

References

https://wpscan.com/vulnerability/bfa8f46f-d323-4a2d-b875-39cd9b4cee0a
https://wpscan.com/vulnerability/bfa8f46f-d323-4a2d-b875-39cd9b4cee0a