6 matches found
EUVD-2025-15258
Malicious code in bioql PyPI...
CVE-2024-8397
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...
CVE-2024-8286
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...
PT-2025-21519 · Unknown · Webtoffee-Gdpr-Cookie-Consent
Name of the Vulnerable Software and Affected Versions: webtoffee-gdpr-cookie-consent versions prior to 2.6.1 Description: The issue allows visitors to conduct Stored Cross-Site Scripting attacks due to improper sanitization and escaping of IP headers when logging them. The payload is triggered wh...
PT-2025-21518 · Unknown · Webtoffee-Gdpr-Cookie-Consent
Name of the Vulnerable Software and Affected Versions: webtoffee-gdpr-cookie-consent versions prior to 2.6.1 Description: The issue concerns the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs via...
WordPress plugin webtoffee-gdpr-cookie-consent security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...