CVE-2021-24569

CVE-2021-24569: Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Cookie Notice & Compliance for GDPR / CCPA

Weakness CWE-79 · XSS

Published September 27, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

September 27, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24569 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-13427 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link CVE-2025-23610 WordPress Ultimate Events plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-3856 phpscriptpoint Ecommerce blog-single.php cross site scripting CVE-2023-36031 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2026-7116 code-projects Employee Management System mark.php cross site scripting