cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forreal-cookie-banner real-cookie-banner

Direction: descending
Jun 04, 2025

Real Cookie Banner: GDPR & ePrivacy Cookie Consent # CVE-2025-1485

CVE, Research URL

CVE-2025-1485

Home page URL

Security reports for Real Cookie Banner: GDPR & ePrivacy Cookie Consent

Application

Real Cookie Banner: GDPR & ePrivacy Cookie Consent

Date
Jun 02, 2025
Research Description
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max -.
Status
vulnerable
Jun 07, 2024

Real Cookie Banner: GDPR & ePrivacy Cookie Consent # CVE-2022-4507

CVE, Research URL

CVE-2022-4507

Home page URL

Security reports for Real Cookie Banner: GDPR & ePrivacy Cookie Consent

Application

Real Cookie Banner: GDPR & ePrivacy Cookie Consent

Date
Jan 16, 2023
Research Description
The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
Affected versions
Min -, max -.
Status
vulnerable

Real Cookie Banner: GDPR & ePrivacy Cookie Consent # CVE-2022-0445

CVE, Research URL

CVE-2022-0445

Home page URL

Security reports for Real Cookie Banner: GDPR & ePrivacy Cookie Consent

Application

Real Cookie Banner: GDPR & ePrivacy Cookie Consent

Date
Mar 07, 2022
Research Description
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable