WordPress Plugin Vulnerabilities

WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cross-Site Scripting (XSS)

Description

The WF Cookie Consent WordPress plugin was affected by an Authenticated Persistent Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wf-cookie-consent
Fixed in 1.1.4

References

CVE
CVE-2018-10371
URL
https://gist.github.com/B0UG/8615df3fe83a4deca07334af783696d6
URL
https://plugins.trac.wordpress.org/changeset/1868357/wf-cookie-consent

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
B0UG
Verified
No
WPVDB ID
7ff751a1-d40d-48fc-ac07-b2ea3b82965a

Timeline

Publicly Published
2018-05-01 (about 8 years ago)
Added
2018-05-03 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-12-11
Title
Feedpress Generator <= 1.2.1 - Reflected Cross-Site Scripting
Published
2025-07-14
Title
Strong Testimonials < 3.2.12 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields
Published
2025-04-04
Title
Showeblogin Social <= 7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-09-25
Title
Move Addons for Elementor < 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-09-08
Title
Culture Object < 4.1.1 - Admin+ Stored Cross-Site Scripting