26 matches found
Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-19989
Malicious code in bioql PyPI...
CVE-2025-49866
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through = 4.6.1...
CVE-2025-49866
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through = 4.6.1...
CVE-2025-49866 WordPress Beautiful Cookie Consent Banner plugin <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through = 4.6.1...
WordPress plugin Beautiful Cookie Consent Banner 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-3388
The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-3823
The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2024-5607
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...
CVE-2024-5607
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...
CVE-2024-5607
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...
WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting vulnerability
Missing Authorization to Settings Update and Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.0...
WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Cookie Consent versions = 3.2...
CVE-2023-3388
The CVE-2023-3388 issue affects the WordPress plugin Beautiful Cookie Consent Banner. Affected: WordPress plugin versions up to 2.10.1. Root cause: insufficient input sanitization and output escaping for the nsc_bar_content_href parameter. Impact: stored cross-site scripting allowing unauthentica...
PT-2023-24531
Name of the Vulnerable Software and Affected Versions The Beautiful Cookie Consent Banner for WordPress versions up to, and including, 2.10.1 Description The issue is related to Stored Cross-Site Scripting via the nsc bar content href parameter due to insufficient input sanitization and output...
WordPress plugin Beautiful Cookie Consent Banner 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway ESG appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...
"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!
WordPress plugins are under fire once more, and youre advised to update your version of Beautiful Cookie Consent Banner as soon as possible. The plugin, which is installed on more than 40,000 sites, has been impacted by a "bizarre campaign" being actively used since at least February 5 of this...
WordPress Beautiful Cookie Consent Banner 2.10.1 Cross Site Scripting
Description: Beautiful Cookie Consent Banner = 2.10.1 - Unauthenticated Stored Cross-Site Scripting Affected Plugin:Beautiful Cookie Consent Banner Plugin Slug: beautiful-and-responsive-cookie-consent Affected Versions: = 2.10.1 CVE ID: Not Assigned CVSS Score: 7.2 High CVSS Vector:...
Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF check when updating its settings, and does not escape some of them when outputting them, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. An initial fix was released in version 2.10.1, and completed in...