Vendor: Cookie Law Bar
By: Mesut Cetin
CVSS: 9.8 (HIGH)
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Cookie Law Bar
Affected Version From: 1.2.1
Affected Version To: 1.2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:cookielawinfo:cookie_law_bar:1.2.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu 16.04 LTS, WordPress 5.7.2
2021
WordPress Plugin Cookie Law Bar 1.2.1 – ‘clb_bar_msg’ Stored Cross-Site Scripting (XSS)
The 'Bar Message' text field of the WordPress plugin Cookie Law Bar 1.2.1 is vulnerable to stored XSS because user input is not sanitized. An authenticated attacker can retrieve the cookies and other sensitive data of all WordPress users by injecting a payload into the 'Bar Message' field and saving it. As users then browse the WordPress pages, the stored payload runs and exposes their cookies.
Mitigation:
Sanitize user input to prevent XSS attacks.
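
What the mitigation can look like in a WordPress plugin, filtering the message both when it is saved and when it is rendered. This is an added example, not code from the Cookie Law Bar plugin: the function names, the settings group `clb_example_group` and the use of `clb_bar_msg` as the stored option name are assumptions.

```php
<?php
/**
 * Added example, not the Cookie Law Bar plugin's code. Function names, the
 * settings group 'clb_example_group' and the use of 'clb_bar_msg' as the
 * option name are assumptions made for illustration.
 */

// Small allowlist: the banner may carry links and basic emphasis only.
function clb_example_allowed_html() {
    return array(
        'a'      => array( 'href' => true, 'title' => true, 'rel' => true ),
        'strong' => array(),
        'em'     => array(),
        'br'     => array(),
    );
}

// Input side: applied whenever the option value is saved.
function clb_example_sanitize_bar_msg( $value ) {
    if ( ! is_string( $value ) ) {
        return '';
    }
    // wp_kses() drops tags and attributes outside the allowlist (script tags,
    // event-handler attributes) and rejects disallowed URL protocols.
    return wp_kses( $value, clb_example_allowed_html() );
}

function clb_example_register_setting() {
    register_setting(
        'clb_example_group',
        'clb_bar_msg',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'clb_example_sanitize_bar_msg',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'clb_example_register_setting' );

// Output side: filter again at render time, so a value written to the
// database before the fix, or by another code path, is still neutralized.
function clb_example_render_bar() {
    $msg = get_option( 'clb_bar_msg', '' );
    // Unsafe pattern for comparison: echo $msg;
    echo '<div class="clb-example-bar">' . wp_kses( $msg, clb_example_allowed_html() ) . '</div>';
}
add_action( 'wp_footer', 'clb_example_render_bar' );
```

If the bar message never needs markup, `sanitize_text_field()` on save and `esc_html()` on output are the stricter choice.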