VYPR

Wp Cookie Choice

by WordPress

CVEs (1)

  • CVE-2021-24595MedOct 18, 2021
    risk 0.42cvss 6.5epss 0.01

    The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a…