30 matches found
CVE-2026-12955
The CVE-2026-12955 entry describes a vulnerability in the GDPR Cookie Consent plugin for WordPress (versions up to 4.3.6) where missing capability checks and nonce verification in the gdpr_cookie_consent_ajax_save_schedule_scan() function (wp_ajax_gcc_save_schedule_scan) allow authenticated users...
CVE-2026-14475
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...
CVE-2026-8977
The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...
WordPress plugin WP GDPR Cookie Consent 跨站脚本漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...
CVE-2026-4019
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...
EUVD-2026-26200
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...
CVE-2026-2389
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
CVE-2026-2389
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
CVE-2026-1084
The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields
The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields
The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1084
CVE-2026-1084 concerns the WordPress plugin “Cookie consent for developers.” The vulnerability is a Stored Cross-Site Scripting (XSS) via multiple settings fields in all versions up to 1.7.1, caused by insufficient input sanitization and output escaping. Impact is limited to sites using multisite...
WordPress plugin: Cookie consent for developers – Cross-site scripting vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-4582
The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-53316
CVE-2025-53316 is a CSRF vulnerability in the WordPress plugin WP GDPR Cookie Consent ( wp-gdpr-cookie-consent ), affecting versions up to 1.0.0. Descriptions across multiple sources (NVD/Red Hat/Wordfence) consistently state that this CSRF allows Stored XSS in WP GDPR Cookie Consent. The connect...
CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through = 1.0.0...
WordPress plugin WP GDPR Cookie Consent 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
EUVD-2018-2444
Malware in sbrugna...
CVE-2024-8397
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...