CVE-2021-24590: 
WordPress vulnerability analysis and mitigation

The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin versions before 1.7.2 contained a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24590. The vulnerability was discovered and publicly disclosed on August 6, 2021, by security researcher Asif Nawaz Minhas (WPScan).

The vulnerability stems from improper input sanitization in the plugin's design customization options. The issue is classified as CWE-79 (Cross-Site Scripting) and received a CVSS score of 2.4 (low severity). The vulnerability specifically affects the plugin's Customize Design page within the Wizard menu, where the 'Info Text' field allows for injection of arbitrary HTML (WPScan).

When exploited, this vulnerability allows attackers with administrative access to inject and store malicious JavaScript code through the plugin's design customization options. This stored XSS vulnerability could potentially be used to perform unauthorized actions on behalf of other users who view the affected pages (WPScan).

The vulnerability has been fixed in version 1.7.2 of the Cookie Notice & Consent Banner plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).