WordPress Plugin Vulnerabilities
Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Admin+ Stored XSS
Description
The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.
Proof of Concept
Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload like "<details open ontoggle=confirm()>". Click "Publish" to store the payload.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Asif Nawaz Minhas
Submitter
Asif Nawaz Minhas
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-06 (about 2 years ago)
Added
2021-08-06 (about 2 years ago)
Last Updated
2023-04-12 (about 1 years ago)