41 matches found
CVE-2026-4019
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...
CVE-2026-4019
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...
CVE-2026-4019
The CVE-2026-4019 vulnerability affects the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (versions up to and including 7.4.5). The REST endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} uses a permissive permission_callback (__return_true), enabling unauthenticated request...
WordPress Complianz – GDPR/CCPA Cookie Consent plugin <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure vulnerability
Missing Authorization to Unauthenticated Private Post Content Disclosure vulnerability discovered by Wesley van de Kamp - Conda Security in WordPress Plugin Complianz versions = 7.4.5...
WordPress Complianz - GDPR/CCPA Cookie Consent plugin <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter vulnerability
WordPress Complianz - GDPR/CCPA Cookie Consent plugin = 7.4.4.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Content Filter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Complianz versions = 7.4.4.2...
CVE-2026-2389
CVE-2026-2389 : The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) in all versions up to and including 7.4.4.2. The root cause is the function revert_divs_to_summary replacing the HTML entity ” with a literal quotes character ("") in...
CVE-2026-2389 Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...
WordPress plugin Complianz 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28334
Name of the Vulnerable Software and Affected Versions Complianz – GDPR/CCPA Cookie Consent plugin for WordPress versions prior to 7.4.4.3 Description The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs because the revert divs to...
CVE-2025-11185
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-11185 Complianz | GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-11185 Complianz | GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-11185
CVE-2025-11185 concerns the WordPress plugin “Complianz – GDPR/CCPA Cookie Consent”. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the plugin’s cmplz-accept-link shortcode, arising from insufficient input sanitization and output escaping on user-supplied attributes. It affec...
PT-2026-20375
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2023-0923
Malicious code in bioql PyPI...
EUVD-2024-17336
Malicious code in bioql PyPI...
CVE-2024-1592
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the processdelete function in class-DNSMPD.php. This makes it possible for unauthenticated...
CVE-2023-1069
The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform...
CVE-2023-34030
Cross-Site Request Forgery CSRF vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7...
CVE-2023-6498
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...