3 matches found
CVE-2022-0445
CVE-2022-0445 concerns the WordPress Real Cookie Banner plugin (before 2.14.2). The root cause is missing CSRF checks when resetting settings, which can allow an attacker to make a logged-in admin reset the banner settings via a CSRF attack. The vulnerability affects the plugin’s settings reset flow and is doc...
CVE-2022-4507
CVE-2022-4507 affects the Real Cookie Banner WordPress plugin up to version 3.4.10. The vulnerability arises from insufficient validation and escaping of shortcode attributes, enabling stored XSS where a contributor may inject script that runs in admins’ logged-in sessions. The issue is confirmed...
CVE-2025-1485
CVE-2025-1485 is a stored XSS vulnerability in the Real Cookie Banner and Real Cookie Banner Pro WordPress plugins, before version 5.1.6. Root cause: some settings are not sanitised/escaped, allowing high-privilege users (e.g., admins) to perform stored XSS even with unfiltered_html disal...