WordPress Plugin Vulnerabilities

Complianz | GDPR/CCPA Cookie Consent < 6.5.6 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affects Plugins

Plugin icon
complianz-gdpr
Fixed in 6.5.6

References

CVE
CVE-2023-6498
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/01c1458d-3e38-4dbf-bb65-80465ea6d0ad

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.1 (low)

Miscellaneous

Original Researcher
Webbernaut
Verified
No
WPVDB ID
6dc9e02d-bf1d-4358-bfb4-09120e256314

Timeline

Publicly Published
2024-01-03 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2025-01-24
Title
Caching Compatible Cookie Opt-In and JavaScript < 0.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-06-13
Title
ARMember < 4.0.3 - Admin+ Stored XSS
Published
2021-09-28
Title
Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting
Published
2025-08-15
Title
Soledad < 8.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h'
Published
2025-10-29
Title
Simple Payment < 2.4.7 - Unauthenticated Stored Cross-Site Scripting