Showing 1 - 1 of 1

CVE-2021-24405

Status Candidate

Overview

The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.

Related Files

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting: Posted Mar 30, 2022; Authored by 0xB9; WordPress Easy Cookie Policy plugin version 1.6.2 suffers from persistent cross site scripting vulnerability due to a broken access control.; tags | exploit, xss; advisories | CVE-2021-24405; SHA-256 | 0f40c07bb7f4bcf7b5bf25dff22799cb9ddc37674fc191e7558caaaf8e60a2df; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Jann Horn 5 files
Ahmet Umit Bayram 5 files
nu11secur1ty 5 files
Google Security Research 5 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,642)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,788)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,504)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

CVE-2021-24405

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems