Lucene search

0xB9PATCHSTACK:18DF57CE08A5AF8EE1A759956DD2DDD5

HistoryJun 11, 2021 - 12:00 a.m.

WordPress Easy Cookies Policy plugin <= 1.6.2 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)

2021-06-1100:00:00

0xB9

patchstack.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

JSON

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by 0xB9 in WordPress Easy Cookies Policy plugin (versions <= 1.6.2).

Solution

           This plugin has been closed as of April 28, 2021 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
easy cookies policyle1.6.2

CPE	Name	Operator	Version
	easy cookies policy	le	1.6.2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24405

wordpress.org/plugins/easy-cookies-policy/

wpscan.com/vulnerability/9157d6d2-4bda-4fcd-8192-363a63a51ff5

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

JSON

Related for PATCHSTACK:18DF57CE08A5AF8EE1A759956DD2DDD5