Lucene search
K

41 matches found

CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

WordPress plugin WP GDPR Cookie Consent 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

7.1CVSS5.9AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 2:15 a.m.4 views

CVE-2025-10496

The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00281EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/10/08 10:25 p.m.4 views

WordPress Cookie Notice & Consent plugin <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cookie Notice & Consent versions = 1.6.5...

7.2CVSS5.7AI score0.00281EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-2444

Malware in sbrugna...

6.1CVSS6.1AI score0.0641EPSS
Exploits6References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46407

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-8397

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...

5.4CVSS5.8AI score0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:17 p.m.7 views

CVE-2025-39426 WordPress illow – Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0...

4.3CVSS6.9AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 7:15 a.m.3 views

CVE-2024-11724

The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplscriptsave AJAX action in all versions up to, and including, 3.6.5...

4.3CVSS7.3AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2024/12/12 7:15 a.m.16 views

CVE-2024-11724

The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplscriptsave AJAX action in all versions up to, and including, 3.6.5...

4.3CVSS0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.8 views

PT-2024-17213 · WordPress · Cookie Consent For Wp

Name of the Vulnerable Software and Affected Versions: Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress versions up to, and including, 3.6.5 Description: The issue concerns unauthorized modification of data due to a...

4.3CVSS9.1AI score0.00319EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.8 views

The vulnerability of the process_delete function in the class-DNSMPD.php component of the GDPR/CCPA Cookie Consent plugin for WordPress’ content management system allows a hacker to perform a CSRF attack.

The vulnerability of the processdelete function in the class-DNSMPD.php component of the GDPR/CCPA Cookie Consent plugin for WordPress content management systems is related to the manipulation of cross-site requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF...

5CVSS6.3AI score0.00204EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/25 1:15 a.m.3 views

CVE-2023-41948

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Christoph Rado Cookie Notice & Consent plugin = 1.6.0 versions...

4.8CVSS5.8AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/25 12:36 a.m.24 views

CVE-2023-41948 WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Christoph Rado Cookie Notice & Consent plugin = 1.6.0 versions...

5.9CVSS5.5AI score0.00316EPSS
Exploits0References1
CVE
CVE
added 2023/09/25 12:36 a.m.34 views

CVE-2023-41948

CVE-2023-41948 refers to a Stored XSS vulnerability in the WordPress plugin Cookie Notice & Consent, affecting versions

5.9CVSS5.1AI score0.00316EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.4 views

PT-2023-28186 · Christoph Rado · Christoph Rado Cookie Notice & Consent Plugin

Name of the Vulnerable Software and Affected Versions: Christoph Rado Cookie Notice & Consent plugin versions prior to 1.7.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For...

5.9CVSS5.4AI score0.00316EPSS
Exploits0References3
NVD
NVD
added 2018/05/01 1:29 p.m.39 views

CVE-2018-10371

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a pag...

6.1CVSS6.1AI score0.0641EPSS
Exploits6References4
CNVD
CNVD
added 2018/04/27 12:0 a.m.7 views

WordPress Catapult UK Cookie Consent Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.Catapult UK Cookie Consent is a plugin used to add a cached notification bar to a website. A cross-site...

5.4CVSS6.5AI score0.03892EPSS
Exploits5References1
CNVD
CNVD
added 2018/04/26 12:0 a.m.7 views

WordPress Responsive Cookie Consent plugin authentication cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up personal blog site.Responsive Cookie Consent plugin is used in which a cookie confirmation plugin. A security vulnerability exists in...

5.4CVSS7.2AI score0.02855EPSS
Exploits5References1
NVD
NVD
added 2018/04/25 9:29 a.m.32 views

CVE-2018-10310

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser...

5.4CVSS5.5AI score0.03892EPSS
Exploits5References4
OSV
OSV
added 2018/04/25 9:29 a.m.4 views

CVE-2018-10310

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser...

5.4CVSS5.8AI score0.03892EPSS
Exploits5References4
Rows per page
Query Builder