Vulnerabilities and security researches forcookie-law-bar cookie-law-bar

May 20, 2026

CVE, Research URL: CVE-2021-47957
Home page URL: Security reports for Cookie Law Bar
Application: Cookie Law Bar
Date: May 16, 2026
Research Description: Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration.
Affected versions: max 1.2.1.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 7565ed53d11447f181f17d2d720c55c7bc85db2e
Home page URL: Security reports for Cookie Law Bar
Application: Cookie Law Bar
Date: May 25, 2021
Research Description: Cookie Law Bar [cookie-law-bar] <= 1.2.1 (unfixed) WordPress Cookie Law Bar plugin <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mesut Cetin in WordPress Cookie Law Bar plugin (versions <= 1.2.1).
Affected versions: max 1.2.1.
Status: vulnerable