Lucene search
K

97 matches found

Nuclei
Nuclei
added 18 hours ago19 views

PrestaShop lgcookieslaw - SQL Injection

The EU Cookie Law GDPR Banner + Blocker PrestaShop module before 2.1.3 allows blind SQL injection via the lglaw or lgcookieslaw cookie used to store user consent choices. id: CVE-2022-44727 info: name: PrestaShop lgcookieslaw - SQL Injection author: mastercho severity: critical description: | The...

9.1CVSS7.2AI score0.02397EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/06/09 12:25 p.m.10 views

WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin WP GDPR Cookie Consent versions = 1.0.0...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.7 views

CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 3:41 a.m.9 views

EUVD-2026-35310

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.34 views

CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS0.00188EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:41 a.m.20 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress (versions up to and including 1.0.0) is vulnerable to Stored Cross-Site Scripting via the ninja_gdpr_ajax_actions AJAX action. The root cause is multi-fold: missing capability and nonce checks in handleAjaxCalls(), insufficient input sanitization of...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
NVD
NVD
added 2026/01/23 3:16 p.m.7 views

CVE-2026-24604

Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through = 2.0.0...

5.3CVSS0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.3 views

CVE-2026-24604 WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through = 2.0.0...

5.3CVSS5.4AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.12 views

PT-2026-4438

Name of the Vulnerable Software and Affected Versions themebeez Simple GDPR Cookie Compliance versions through 2.0.0 Description An issue exists in themebeez Simple GDPR Cookie Compliance where incorrectly configured access control security levels can be exploited, leading to a missing...

5.3CVSS5.3AI score0.00272EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/14 8:16 a.m.6 views

WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Simple GDPR Cookie Compliance versions = 2.0.0...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:55 a.m.15 views

CVE-2025-1623

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.6AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.24 views

CVE-2025-1619

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.11 views

CVE-2025-1620

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.13 views

CVE-2025-1624

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.6AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.16 views

CVE-2025-1622

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.6AI score0.00206EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress GDPR Cookie Compliance plugin <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin GDPR Cookie Compliance versions = 4.15.6...

4.8CVSS5.4AI score0.004EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/11/21 1:15 p.m.4 views

CVE-2025-66075

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through = 4.0.3...

4.3CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 3:54 p.m.9 views

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through = 1.0.0...

7.1CVSS0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.4 views

PT-2025-45226

Cross-Site Request Forgery CSRF vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through = 1.0.0...

6.6AI score0.00103EPSS
Exploits0References2
Rows per page
Query Builder