CVE-2025-1624

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-1624

creationtimestamp| type| source ---|---|--- 2025-03-16 06:46:06+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7700 2025-03-16 08:00:51+00:00| seen| https://t.me/cvedetector/20401...

CVE-2025-1624

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-1624

CVE-2025-1624 concerns the GDPR Cookie Compliance WordPress plugin prior to 4.15.9, where insufficient sanitization/escaping of certain settings enables Stored XSS by high-privilege users (e.g., admins), including multisite scenarios. The root cause is lack of input sanitization in plugin setting...

CVE-2025-1624 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-1624 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...