Izsoft

izsoft

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Easy Cookies Policy

easy_cookies_policy

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24405 1Izsoft 1Easy Cookies Policy Nov 21, 2024 Jul 6, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, thi...Show more The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-24405

1Izsoft

1Easy Cookies Policy

Nov 21, 2024

Jul 6, 2021

N/A· v4

6.5 MEDIUM· v3

4.0 MEDIUM· v2

The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.Show less