Lucene search
K

5 matches found

0day.today
0day.today
added 2022/03/30 12:0 a.m.241 views

WordPress Easy Cookie Policy 1.6.2 Plugin - Broken Access Control to Stored XSS Vulnerability

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any authenticated use...

6.5CVSS0.4AI score0.10703EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/03/30 12:0 a.m.260 views

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5CVSS0.2AI score0.10703EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.256 views

WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5CVSS6.5AI score0.10703EPSS
Exploits5
WPVulnDB
WPVulnDB
added 2021/06/11 12:0 a.m.20 views

Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting

The plugin is lacking any capability and CSRF check when saving it's settings, allowing any authenticated users such as subscriber to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in al...

6.5CVSS0.8AI score0.10703EPSS
Exploits5Affected Software1
wpexploit
wpexploit
added 2021/06/11 12:0 a.m.624 views

Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting

The plugin is lacking any capability and CSRF check when saving it's settings, allowing any authenticated users such as subscriber to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in al...

6.5CVSS6AI score0.10703EPSS
Exploits5
Rows per page
Query Builder