2 matches found
CVE-2024-8397
CVE-2024-8397 affects the WordPress plugin webtoffee-gdpr-cookie-consent (versions before 2.6.1). The root cause is improper sanitization/escaping of IP headers when logging, enabling a Stored XSS payload. The attack pattern is triggered when an admin visits the Consent report page, with the scri...
CVE-2024-8286
The CVE-2024-8286 entry concerns the WordPress plugin webtoffee-gdpr-cookie-consent prior to version 2.6.1, which reportedly lacks CSRF checks in certain bulk actions. Public sources in the connected documents confirm that this could allow an attacker to cause logged-in admins to perform unintend...