CVE-2021-24405
Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting
Vexday Risk Score
28 (Low)
SSVC Decision (CISA)
Attend
PoC available → monitor closely
CVSS: — | EPSS: 11.0% | KEV: no | Public PoC: yes | Nuclei: — | Metasploit: — | Patch: —
Lifecycle
06 Jul 2021: Published in NVD
30 Mar 2022: Public PoC
Recommendation: Plan a fix soon; a public PoC already exists.
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.
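A hardened settings-save path covering the gaps the description names (capability check, CSRF check, sanitising and escaping the banner text), as an added example. It is not the plugin's code: the `ecp_demo_*` function, action, option and page names are hypothetical, and only the WordPress core functions are real.

```php
<?php
// Added example with hypothetical names (ecp_demo_*); not the plugin's own code.

// Registered under admin_post_ only (no admin_post_nopriv_), so anonymous requests never reach it.
add_action( 'admin_post_ecp_demo_save', 'ecp_demo_save_settings' );

function ecp_demo_save_settings() {
    // 1. Capability check: being logged in is not enough; a subscriber fails here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html( 'You are not allowed to change these settings.' ), '', array( 'response' => 403 ) );
    }

    // 2. CSRF check: the request must carry the nonce issued by the settings form.
    check_admin_referer( 'ecp_demo_save', 'ecp_demo_nonce' );

    // 3. Sanitise on input: keep only the markup WordPress allows in post content.
    $raw    = isset( $_POST['ecp_demo_banner'] ) ? wp_unslash( $_POST['ecp_demo_banner'] ) : '';
    $banner = wp_kses_post( $raw );
    update_option( 'ecp_demo_banner', $banner );

    wp_safe_redirect( admin_url( 'options-general.php?page=ecp-demo' ) );
    exit;
}

// Settings form: issues the nonce and escapes the stored value inside the textarea.
function ecp_demo_render_form() {
    $banner = (string) get_option( 'ecp_demo_banner', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="ecp_demo_save">';
    wp_nonce_field( 'ecp_demo_save', 'ecp_demo_nonce' );
    echo '<textarea name="ecp_demo_banner">' . esc_textarea( $banner ) . '</textarea>';
    submit_button();
    echo '</form>';
}

// 4. Filter on output as well, so a value stored before the fix is still neutralised.
add_action( 'wp_footer', 'ecp_demo_render_banner' );

function ecp_demo_render_banner() {
    $banner = (string) get_option( 'ecp_demo_banner', '' );
    if ( '' !== $banner ) {
        echo '<div class="ecp-demo-banner">' . wp_kses_post( $banner ) . '</div>';
    }
}
```

On a site that ran an affected version, the stored banner value should also be reviewed, since input-side sanitising does not clean data saved earlier.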
Affected products
IZSoft · Easy Cookies Policy
Public PoCs found: 2
cve_reference: packetstormsecurity.com/files/166543/WordPress-Easy-Cookie-Policy-1.6.2-Cross-Site-Scripting.html (unverified)
exploitdb: www.exploit-db.com/exploits/50849 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.