Description
Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration.
Published: 2026-05-16
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Cookielawinfo
Cookielawinfo cookie Law Bar
Wordpress
Wordpress wordpress
Vendors & Products Cookielawinfo
Cookielawinfo cookie Law Bar
Wordpress
Wordpress wordpress

Sat, 16 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of all WordPress users viewing the site, enabling cookie theft and sensitive data exfiltration.
Title WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

Cookielawinfo Cookie Law Bar
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-24T01:37:14.399Z

Reserved: 2026-02-01T11:24:18.720Z

Link: CVE-2021-47957

cve-icon Vulnrichment

Updated: 2026-05-18T13:50:58.892Z

cve-icon NVD

Status : Deferred

Published: 2026-05-16T16:16:22.037

Modified: 2026-06-17T04:18:49.737

Link: CVE-2021-47957

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:00:42Z

Weaknesses