Vulnerabilities and security researches forbeautiful-and-responsive-cookie-consent beautiful-and-responsive-cookie-consent

Jul 05, 2025

CVE, Research URL: CVE-2025-49866
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Jul 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner allows Reflected XSS. This issue affects Beautiful Cookie Consent Banner: from n/a through 4.6.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-3823
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Nov 28, 2022
Research Description: The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-3388
Home page URL: Security reports for Beautiful Cookie Consent Banner
Application: Beautiful Cookie Consent Banner
Date: Jun 24, 2023
Research Description: The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.
Affected versions: Min -, max -.
Status: vulnerable