WordPress Plugin Vulnerabilities

Cookiebot < 3.6.1 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

Versions prior to 3.6.1 are susceptible to this attack, which allows hackers to exploit the vulnerability found on administrative pages.

Affects Plugins

Plugin icon
cookiebot
Fixed in 3.6.1

References

URL
https://labs.sucuri.net/reflected-xss-in-cookiebot-administrative-page/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Antony Garand (Sucuri)
Verified
No
WPVDB ID
8cdd58f8-39a4-4c00-a2a7-fa12ded9a822

Timeline

Publicly Published
2020-03-23 (about 6 years ago)
Added
2020-03-23 (about 6 years ago)
Last Updated
2020-03-24 (about 6 years ago)

Other

Published
Title
Published
2024-03-25
Title
Calculated Fields Form < 1.2.55 - Reflected Cross-Site Scripting
Published
2025-01-04
Title
Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS < 0.0.22 - Reflected Cross-Site Scripting
Published
2023-01-23
Title
PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
Published
2024-07-11
Title
Swift Framework < 2024.04.30 - Contributor+ Stored XSS
Published
2024-07-01
Title
Post Meta Data Manager < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting