Due to insufficient input sanitization and output escaping, makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

This vulnerability affects the following application versions:

  • Cookie Notice & Compliance for GDPR / CCPA 1.4.12
  • Cookie Notice & Compliance for GDPR / CCPA 2.0.0
  • Cookie Notice & Compliance for GDPR / CCPA 2.0.1
  • Cookie Notice & Compliance for GDPR / CCPA 2.0.2
  • Cookie Notice & Compliance for GDPR / CCPA 2.0.3
  • Cookie Notice & Compliance for GDPR / CCPA 2.0.4
  • Cookie Notice & Compliance for GDPR / CCPA 2.1.0
  • Cookie Notice & Compliance for GDPR / CCPA 2.1.1
  • Cookie Notice & Compliance for GDPR / CCPA 2.1.2
  • Cookie Notice & Compliance for GDPR / CCPA 2.1.3
  • Cookie Notice & Compliance for GDPR / CCPA 2.1.4
  • Cookie Notice & Compliance for GDPR / CCPA 2.1.5
  • Cookie Notice & Compliance for GDPR / CCPA 2.2.0
  • Cookie Notice & Compliance for GDPR / CCPA 2.2.1
  • Cookie Notice & Compliance for GDPR / CCPA 2.2.2
  • Cookie Notice & Compliance for GDPR / CCPA 2.2.3
  • Cookie Notice & Compliance for GDPR / CCPA 2.3.0
  • Cookie Notice & Compliance for GDPR / CCPA 2.3.1
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.0
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.1
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.2
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.3
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.4
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.5
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.6
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.7
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.8
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.9
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.10
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.11
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.11.1
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.13
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.14
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.15
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.16
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.17
  • Cookie Notice & Compliance for GDPR / CCPA 2.4.17.1

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *