4 matches found
WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin < 2.4.7 Multiple XSS Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hu-manity:cookienotice%26complianceforgdpr%2fccpa";...
CVE-2023-0823
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0823 Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0823
CVE-2023-0823 affects the Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7. The issue is that shortcode attributes are not properly validated or escaped before output, enabling stored cross-site scripting when a page/post embeds the shortcode and the attacker has Contribut...