← volver
CVE-2021-24595

WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

EPSS 0.5%CWE-352CWE-79
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 oct 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack.
Productos afectados
Unknown · Wp Cookie Choice

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/c809bdb3-d820-4ce1-9cbc-e41985fb5052