Vulnerabilities and security researches forbeautiful-and-responsive-cookie-consent beautiful-and-responsive-cookie-consent

Jun 16, 2026

CVE, Research URL: d2a445136d1a6be962e15c0f78eb6c325db3e7c4
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Jan 31, 2023
Research Description: Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.1 Beautiful Cookie Consent Banner <= 2.10.0 - Missing Authorization to Settings Update The Beautiful Cookie Consent Banner plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the nsc_bar_save_submitted_form_fields() function called via and admin_init hook in versions up to, and including, 2.10.0. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts. Please note this is still vulnerable to Cross-Site Request Forgery attacks.
Affected versions: max 2.10.1.
Status: vulnerable

CVE, Research URL: e99fa9cb79fc441194ec19a15f00869325c92581
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Feb 01, 2023
Research Description: Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.1 WordPress Beautiful Cookie Consent Banner Plugin <= 2.10.0 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Beautiful Cookie Consent Banner plugin to the latest available version (at least 2.10.1). Wordfence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Beautiful Cookie Consent Banner Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.10.1.
Affected versions: max 2.10.1.
Status: vulnerable

CVE, Research URL: 2dd3fb0b905f60f848fe32e6ae8b96677a4c964a
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Jan 31, 2023
Research Description: Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.1 Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.
Affected versions: max 2.10.1.
Status: vulnerable

CVE, Research URL: a1702da43b05fc3064a613bf7473ed83c05d29b2
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Feb 01, 2023
Research Description: Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.1 WordPress Beautiful Cookie Consent Banner Plugin <= 2.10.0 is vulnerable to Broken Access Control Update the WordPress Beautiful Cookie Consent Banner plugin to the latest available version (at least 2.10.1). Wordfence discovered and reported this Broken Access Control vulnerability in WordPress Beautiful Cookie Consent Banner Plugin. This vulnerability has been fixed in version 2.10.1.
Affected versions: max 2.10.1.
Status: vulnerable

CVE, Research URL: 438c6818-cace-410b-ace3-325e5ea06365
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: -
Research Description: Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.2 Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS The plugin does not have authorisation and CSRF check when updating its settings, and does not escape some of them when outputting them, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. An initial fix was released in version 2.10.1, and completed in 2.10.2. Note: The issue is being actively exploited
Affected versions: max 2.10.2.
Status: vulnerable

Jul 05, 2025

CVE, Research URL: CVE-2025-49866
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Jul 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1.
Affected versions: max 4.6.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-3823
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Nov 28, 2022
Research Description: The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 2.9.1.
Status: vulnerable

CVE, Research URL: CVE-2023-3388
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Jun 24, 2023
Research Description: The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.
Affected versions: max 2.10.2.
Status: vulnerable