CVE-2021-47957
Published
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration.
<p>A simple and lightweight cookie law WordPress plugin for show information that your website uses cookie. Perfect for implementation of EU cookie law!</p>
<p>Online demo: <a href="http://demo.richplugins.com/" rel="nofollow ugc">http://demo.richplugins.com/</a></p>
<p>Feel free to try our other widgets powered by <a href="https://widgetpack.com/" rel="nofollow ugc">Widget Pack</a>.</p>
<h4>Features</h4>
<ul>
<li>It’s free</li>
<li>Adaptive design</li>
<li>Zero load time</li>
<li>Smooth slide bottom or top bar</li>
<li>Changeable: position, message, color, button text</li>
</ul>
<h3>Support</h3>
<ul>
<li>
<p>Chat support https://widgetpack.com/forum</p>
</li>
<li>
<p>Email support [email protected]</p>
</li>
</ul>
WordPress Plugin Directory