2 matches found
CVE-2022-3811
CVE-2022-3811 – EU Cookie Law (WordPress) Stored XSS : In versions up to 3.1.6, the plugin does not sanitize/escape certain settings, allowing an admin (high privileged) to execute a stored XSS, even if unfiltered_html is disallowed (e.g., multisite). Connected sources confirm the affected compon...
CVE-2019-16522
CVE-2019-16522 affects the WordPress plugin eu-cookie-law (versions up to 3.0.6). The issue is a Stored XSS caused by improper encoding of several admin/config and cookie message fields (Font Color, Background Color, Disable Cookie text). An attacker with high privileges can target other users. R...