EUVD-2026-26200

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

CVE-2026-2389

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...

CVE-2026-2389

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing HTML entities with literal double-quote characters " in post content without subseque...

CVE-2026-1084

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1084

CVE-2026-1084 concerns the WordPress plugin “Cookie consent for developers.” The vulnerability is a Stored Cross-Site Scripting (XSS) via multiple settings fields in all versions up to 1.7.1, caused by insufficient input sanitization and output escaping. Impact is limited to sites using multisite...

PT-2026-4582

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin: Cookie consent for developers – Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through = 1.0.0...

CVE-2025-53316

CVE-2025-53316 is a CSRF vulnerability in the WordPress plugin WP GDPR Cookie Consent ( wp-gdpr-cookie-consent ), affecting versions up to 1.0.0. Descriptions across multiple sources (NVD/Red Hat/Wordfence) consistently state that this CSRF allows Stored XSS in WP GDPR Cookie Consent. The connect...

WordPress plugin WP GDPR Cookie Consent 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

EUVD-2018-2444

Malware in sbrugna...

CVE-2024-8397

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...

CVE-2024-11724

The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplscriptsave AJAX action in all versions up to, and including, 3.6.5...

CVE-2024-11724

The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplscriptsave AJAX action in all versions up to, and including, 3.6.5...

PT-2024-17213 · WordPress · Cookie Consent For Wp

Name of the Vulnerable Software and Affected Versions: Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress versions up to, and including, 3.6.5 Description: The issue concerns unauthorized modification of data due to a...

CVE-2018-10371

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a pag...

WordPress Catapult UK Cookie Consent Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.Catapult UK Cookie Consent is a plugin used to add a cached notification bar to a website. A cross-site...

WordPress Responsive Cookie Consent plugin authentication cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up personal blog site.Responsive Cookie Consent plugin is used in which a cookie confirmation plugin. A security vulnerability exists in...