CVE-2021-24595

CVE-2021-24595: WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

Vendor Unknown

Product Wp Cookie Choice

Weakness CWE-352 · CSRF

Published October 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack.

Key dates

02Disclosure timeline

October 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24595 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-5772 Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery CVE-2026-4968 SourceCodester Diary App diary.php cross-site request forgery CVE-2025-32584 WordPress Chat2 plugin <= 4.0 - CSRF to Stored XSS vulnerability CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation CVE-2020-37079 Wing FTP Server < 6.2.7 - Cross-site Request Forgery