WordPress · Cookie Bar · CVE-2021-24653
**Name of the Vulnerable Software and Affected Versions**
Cookie Bar WordPress plugin versions prior to 1.8.9
**Description**
The issue is related to the improper sanitization of the Cookie Bar Message setting, which could allow high-privilege users to perform Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed.
**Recommendations**
For versions prior to 1.8.9, update to version 1.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cookie Bar Message setting to minimize the risk of exploitation.