5 matches found
EUVD-2025-15258
Malicious code in bioql PyPI...
CVE-2024-8397
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...
CVE-2024-8286
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...
PT-2025-21519 · Unknown · Webtoffee-Gdpr-Cookie-Consent
Name of the Vulnerable Software and Affected Versions: webtoffee-gdpr-cookie-consent versions prior to 2.6.1 Description: The issue allows visitors to conduct Stored Cross-Site Scripting attacks due to improper sanitization and escaping of IP headers when logging them. The payload is triggered wh...
PT-2025-21518 · Unknown · Webtoffee-Gdpr-Cookie-Consent
Name of the Vulnerable Software and Affected Versions: webtoffee-gdpr-cookie-consent versions prior to 2.6.1 Description: The issue concerns the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs via...