Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/05/19 2:50 a.m.7 views

WordPress GDPR Cookie Consent plugin <= 2.6.0 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Zitec/Teodora Jilaveanu in WordPress Plugin GDPR Cookie Consent versions = 2.6.0...

5.4CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.7 views

CVE-2024-8397

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...

5.4CVSS5.9AI score0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.16 views

CVE-2024-8397 GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...

0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.3 views

CVE-2024-8397 GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...

6AI score0.00266EPSS
Exploits1References1
Rows per page
Query Builder