Lucene search
+L

41 matches found

CVE
CVE
added 2026/07/10 7:48 a.m.8 views

CVE-2026-12955

The CVE-2026-12955 entry describes a vulnerability in the GDPR Cookie Consent plugin for WordPress (versions up to 4.3.6) where missing capability checks and nonce verification in the gdpr_cookie_consent_ajax_save_schedule_scan() function (wp_ajax_gcc_save_schedule_scan) allow authenticated users...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:48 a.m.7 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/09 7:8 p.m.5 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.14 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

WordPress plugin WP GDPR Cookie Consent 跨站脚本漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...

6.4CVSS5.9AI score0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4019

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS5.4AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 8:27 a.m.8 views

EUVD-2026-26200

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References6
NVD
NVD
added 2026/03/26 2:16 p.m.5 views

CVE-2026-2389

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...

4.9CVSS0.00222EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:26 p.m.3 views

CVE-2026-2389

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...

4.9CVSS6AI score0.00222EPSS
Exploits0References5
NVD
NVD
added 2026/01/24 8:16 a.m.5 views

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00279EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00279EPSS
Exploits0References5
CVE
CVE
added 2026/01/24 7:26 a.m.26 views

CVE-2026-1084

CVE-2026-1084 concerns the WordPress plugin “Cookie consent for developers.” The vulnerability is a Stored Cross-Site Scripting (XSS) via multiple settings fields in all versions up to 1.7.1, caused by insufficient input sanitization and output escaping. Impact is limited to sites using multisite...

4.4CVSS5.7AI score0.00279EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.38 views

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00279EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

WordPress plugin: Cookie consent for developers – Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.4CVSS5.7AI score0.00279EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.18 views

PT-2026-4582

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00279EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/30 4:10 p.m.30 views

CVE-2025-66080 WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through = 4.0.3...

5.3CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.33 views

CVE-2025-66133 WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through = 4.0.7...

5.3CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:54 p.m.3 views

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through = 1.0.0...

7.1CVSS6.2AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:54 p.m.12 views

CVE-2025-53316

CVE-2025-53316 is a CSRF vulnerability in the WordPress plugin WP GDPR Cookie Consent ( wp-gdpr-cookie-consent ), affecting versions up to 1.0.0. Descriptions across multiple sources (NVD/Red Hat/Wordfence) consistently state that this CSRF allows Stored XSS in WP GDPR Cookie Consent. The connect...

7.1CVSS6.2AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:53 p.m.4 views

CVE-2025-49390 WordPress Cookie Notice & Consent plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects Cookie Notice & Consent: from n/a through = 1.6.4...

7.1CVSS5.6AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder