4 matches found
WordPress GDPR Cookie Consent plugin <= 2.6.0 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Zitec/Teodora Jilaveanu in WordPress Plugin GDPR Cookie Consent versions = 2.6.0...
CVE-2024-8397
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...
CVE-2024-8397 GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...
CVE-2024-8397 GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...