Lucene search
+L

26 matches found

Nuclei
Nuclei
added 2 days ago31 views

Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6.5AI score0.84461EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19989

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/06 11:21 a.m.12 views

CVE-2025-49866

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through = 4.6.1...

7.1CVSS5.9AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.8 views

CVE-2025-49866

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through = 4.6.1...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/04 11:17 a.m.14 views

CVE-2025-49866 WordPress Beautiful Cookie Consent Banner plugin <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through = 4.6.1...

7.1CVSS0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.4 views

WordPress plugin Beautiful Cookie Consent Banner 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.1CVSS5.9AI score0.00175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.4 views

CVE-2023-3388

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.1AI score0.84461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:12 p.m.20 views

CVE-2022-3823

The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.6AI score0.00459EPSS
Exploits1
OSV
OSV
added 2024/06/07 3:15 a.m.5 views

CVE-2024-5607

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/06/07 3:15 a.m.1 views

CVE-2024-5607

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

5.4CVSS6AI score0.00276EPSS
Exploits0References3
NVD
NVD
added 2024/06/07 3:15 a.m.24 views

CVE-2024-5607

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

5.4CVSS0.00276EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/07 1:59 a.m.7 views

WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting vulnerability

Missing Authorization to Settings Update and Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.0...

5.4CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/06 9:57 a.m.4 views

WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Cookie Consent versions = 3.2...

7.3CVSS7AI score0.00278EPSS
Exploits0Affected Software1
CVE
CVE
added 2023/06/24 2:0 a.m.56 views

CVE-2023-3388

The CVE-2023-3388 issue affects the WordPress plugin Beautiful Cookie Consent Banner. Affected: WordPress plugin versions up to 2.10.1. Root cause: insufficient input sanitization and output escaping for the nsc_bar_content_href parameter. Impact: stored cross-site scripting allowing unauthentica...

7.2CVSS5.7AI score0.84461EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/24 12:0 a.m.7 views

PT-2023-24531

Name of the Vulnerable Software and Affected Versions The Beautiful Cookie Consent Banner for WordPress versions up to, and including, 2.10.1 Description The issue is related to Stored Cross-Site Scripting via the nsc bar content href parameter due to insufficient input sanitization and output...

7.2CVSS5.4AI score0.84461EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.5 views

WordPress plugin Beautiful Cookie Consent Banner 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.2CVSS5.9AI score0.84461EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/05/26 4:4 a.m.82 views

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway ESG appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...

6.8AI score0.86956EPSS
Exploits3
Malwarebytes
Malwarebytes
added 2023/05/25 9:0 p.m.14 views

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!

WordPress plugins are under fire once more, and youre advised to update your version of Beautiful Cookie Consent Banner as soon as possible. The plugin, which is installed on more than 40,000 sites, has been impacted by a "bizarre campaign" being actively used since at least February 5 of this...

5.6AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/25 12:0 a.m.402 views

WordPress Beautiful Cookie Consent Banner 2.10.1 Cross Site Scripting

Description: Beautiful Cookie Consent Banner = 2.10.1 - Unauthenticated Stored Cross-Site Scripting Affected Plugin:Beautiful Cookie Consent Banner Plugin Slug: beautiful-and-responsive-cookie-consent Affected Versions: = 2.10.1 CVE ID: Not Assigned CVSS Score: 7.2 High CVSS Vector:...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.373 views

Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF check when updating its settings, and does not escape some of them when outputting them, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. An initial fix was released in version 2.10.1, and completed in...

1.3AI score
Exploits0
Rows per page
Query Builder