2021-10-25 13:20:47
WPScan
PUBLISHED
The Cookie Bar WordPress plugin before 1.8.9 doesnt properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed