2 matches found
CVE-2021-24569 Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfilteredhtml capability...
CVE-2021-24569
The CVE-2021-24569 entry concerns the WordPress plugin “Cookie Notice & Compliance for GDPR / CCPA” (versions before 2.1.2). The exposed issue is that the Button Text setting is not escaped when output in an HTML attribute on the frontend, enabling Cross-Site Scripting by high-privilege users (e....