Vulnerabilities and security researches fortarteaucitronjs tarteaucitronjs

Jun 07, 2024

CVE, Research URL: CVE-2021-36889
Home page URL: Security reports for tarteaucitron.js – Cookies legislation & GDPR
Application: tarteaucitron.js – Cookies legislation & GDPR
Date: Dec 21, 2021
Research Description: Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-36887
Home page URL: Security reports for tarteaucitron.js – Cookies legislation & GDPR
Application: tarteaucitron.js – Cookies legislation & GDPR
Date: Dec 21, 2021
Research Description: Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
Affected versions: Min -, max -.
Status: vulnerable

Jun 30, 2025

CVE, Research URL: CVE-2025-4955
Home page URL: Security reports for tarteaucitron.js – Cookies legislation & GDPR
Application: tarteaucitron.js – Cookies legislation & GDPR
Date: Jun 18, 2025
Research Description: The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.
Affected versions: Min -, max -.
Status: vulnerable