Description

WordPress Plugin Wp Cookie Choice is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Wp Cookie Choice version 1.1.0 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism or disable the plugin until a fix is available

References

https://sploitus.com/exploit?id=WPEX-ID:C809BDB3-D820-4CE1-9CBC-E41985FB5052

https://wordpress.org/plugins/wp-cookiechoise/#description

Related Vulnerabilities

WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)

WordPress Plugin WP Discourse Unspecified Vulnerability (0.9.7)

WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)

MySQL CVE-2021-35638 Vulnerability (CVE-2021-35638)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (6.0.6)

Severity

High

Classification

CVE-2021-24595 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update CSRF