cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-3399,https://securityvulnerability.io/vulnerability/CVE-2022-3399,Stored Cross-Site Scripting Vulnerability Affects Cookie Notice & Compliance Plugin,"The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting through the 'cookie_notice_options[refuse_code_head]' parameter. This flaw arises from inadequate input sanitization and output escaping practices, enabling authenticated attackers with administrative privileges to inject malicious web scripts. These scripts may execute whenever a user accesses the affected /wp-admin/admin.php?page=cookie-notice page. The vulnerability is specifically present in multi-site installations and those where unfiltered_html has been disabled, posing a significant risk to the integrity and security of affected websites.",Wordpress,Cookie Notice & Compliance For Gdpr / Ccpa,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-16T02:31:26.402Z,0
CVE-2024-5607,https://securityvulnerability.io/vulnerability/CVE-2024-5607,Unauthorized Data Modification Vulnerability in GDPR CCPA Compliance & Cookie Consent Banner Plugin,"The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.",Wordpress,Gdpr Ccpa Compliance & Cookie Consent Banner,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-07T02:39:28.634Z,0
CVE-2023-4013,https://securityvulnerability.io/vulnerability/CVE-2023-4013,GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF,"The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks",Wordpress,"GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)",6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-08-30T15:15:00.000Z,0
CVE-2020-36718,https://securityvulnerability.io/vulnerability/CVE-2020-36718,PHP Object Injection Vulnerability in GDPR CCPA Compliance Support Plugin for WordPress,"The GDPR CCPA Compliance Support plugin for WordPress is susceptible to a PHP Object Injection vulnerability due to improper handling of untrusted input during the deserialization process. Specifically, the 'njt_gdpr_allow_permissions' parameter can be exploited by unauthenticated attackers, potentially allowing them to inject malicious PHP objects into the application. This vulnerability affects all versions of the plugin up to and including 2.3. It is crucial for users to take immediate action by updating to the latest version to mitigate the risk of exploitation.",Wordpress,Gdpr Ccpa Compliance Support,9.8,CRITICAL,0.018540000542998314,false,,false,false,false,,,false,false,,2023-06-07T01:51:35.736Z,0
CVE-2019-25143,https://securityvulnerability.io/vulnerability/CVE-2019-25143,Authorization Bypass Vulnerability in GDPR Cookie Compliance Plugin for WordPress,"The GDPR Cookie Compliance plugin for WordPress is susceptible to an authorization bypass vulnerability due to a lack of capability checks on the gdpr_cookie_compliance_reset_settings AJAX action. This weakness, present in versions up to and including 4.0.2, allows authenticated attackers to effortlessly reset all plugin settings, potentially leading to unauthorized configuration alterations.",Wordpress,"Gdpr Cookie Compliance (ccpa, Dsgvo, Cookie Consent)",5.4,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2023-06-07T01:51:31.166Z,0
CVE-2021-4348,https://securityvulnerability.io/vulnerability/CVE-2021-4348,Unauthenticated Settings Exposure in Ultimate GDPR & CCPA Plugin for WordPress,"The Ultimate GDPR & CCPA plugin for WordPress is vulnerable due to its export_settings and import_settings functions, which permit unauthenticated users to import or export plugin settings. This vulnerability exposes the plugin to potential configuration manipulation, allowing attackers to alter plugin settings without authorization. As a result, attackers could redirect users to malicious websites or introduce harmful changes, posing significant risks to website integrity and user safety. Users are advised to update to the latest versions to mitigate this risk.",Wordpress,Ultimate Gdpr & Ccpa Compliance Toolkit For WordPress,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-06-07T01:51:15.874Z,0
CVE-2023-0823,https://securityvulnerability.io/vulnerability/CVE-2023-0823,Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS,"The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Cookie Notice & Compliance for GDPR / CCPA,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-03-27T16:15:00.000Z,0
CVE-2022-3911,https://securityvulnerability.io/vulnerability/CVE-2022-3911,iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin,"The iubenda WordPress plugin prior to version 3.3.3 contains a security issue where it lacks proper authorization checks and is vulnerable to Cross-Site Request Forgery (CSRF) in an AJAX action. This vulnerability allows authenticated users, including those with low-level roles like subscribers, to manipulate plugin options and grant themselves elevated privileges such as the ability to edit plugins. This presents a significant risk to WordPress sites using the plugin, as it can lead to unauthorized actions and compromise site integrity.",Wordpress,Iubenda | All-in-one Compliance For Gdpr / Ccpa Cookie Consent + More,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2023-01-02T21:49:36.753Z,0
CVE-2021-24569,https://securityvulnerability.io/vulnerability/CVE-2021-24569,Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting,"The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed.",Wordpress,Cookie Notice & Compliance For Gdpr / Ccpa,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-27T15:25:21.000Z,0
CVE-2021-24590,https://securityvulnerability.io/vulnerability/CVE-2021-24590,Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS,The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.,Wordpress,Cookie Notice & Consent Banner For gdpr & Ccpa Compliance,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-06T11:09:29.000Z,0