CVE-2021-24595

The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack...

WordPress Wp Cookie Choice Cross-site Request Forgery Vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language, a WordPress open source application plugin that supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Wp Cookie Choice 1.1.0 and earlier versions are vulnerable to...

CVE-2021-24595

The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack...

WordPress plugin Wp Cookie Choice 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language, a WordPress open source application plugin that supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Wp Cookie Choice 1.1.0 and earlier versions are vulnerable to...

PT-2021-16110 · WordPress · Wp Cookie Choice

Name of the Vulnerable Software and Affected Versions: Wp Cookie Choice WordPress plugin versions 1.1.0 and earlier Description: The issue is related to the lack of CSRF checks when saving options and the failure to escape output in attributes. This allows an attacker to make a logged-in admin...

WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

The plugin is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack. PoC...