75 matches found
CVE-2026-22809
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...
CVE-2026-22809
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...
CVE-2026-22809
tarteaucitron.js has a ReDoS vulnerability in the handling of the issuu_id parameter, fixed in version 1.29.0. Prior to 1.29.0, insufficiently constrained regex could cause excessive backtracking and CPU consumption. Upgrading to 1.29.0 or applying the mitigation described in public advisories is...
CVE-2026-22809 tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...
CVE-2022-0445
The WordPress Real Cookie Banner: GDPR DSGVO & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack...
CVE-2025-14061
The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdprdeletepolicydata function in all versions up to, and...
CVE-2025-12136
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
WordPress plugin Real Cookie Banner 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-12136
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
EUVD-2025-35827
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
CVE-2025-12136
CVE-2025-12136 affects the WordPress plugin “Real Cookie Banner: GDPR & ePrivacy Cookie Consent”. Wordfence and related sources describe a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 5.2.4, caused by insufficient validation of the user-supplied URL in the ...
PT-2025-43606
Name of the Vulnerable Software and Affected Versions The Real Cookie Banner versions up to and including 5.2.4 Description The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is susceptible to Server-Side Request Forgery. This is caused by inadequate validation of the...
WordPress Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint vulnerability
Authenticated Admin+ Server-Side Request Forgery via scan-without-login Endpoint vulnerability discovered by SpiderSec in WordPress Plugin Real Cookie Banner versions = 5.2.4...
EUVD-2025-16608
Malicious code in bioql PyPI...
EUVD-2025-10040
Malicious code in bioql PyPI...
EUVD-2025-26559
Malicious code in bioql PyPI...
EUVD-2022-51848
Malicious code in bioql PyPI...
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual...