cleantalk
Vulnerabilities and Security Researches

Cookie Notice & Consent, ef7eb3a1f8ceb3e74177520366ebf799e8492b1a

CVE, Research URL

ef7eb3a1f8ceb3e74177520366ebf799e8492b1a

Home page URL

Security reports for Cookie Notice & Consent

Application

Cookie Notice & Consent

Published on
Sep 05, 2023
Research Description
Cookie Notice &amp; Consent [cookie-notice-consent] < 1.6.1 Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 1.6.1.
Status
vulnerable
Previous vulnerability researches
Cookie Notice &amp; Consent (CVE-2025-49390) , Nov 11, 2025
Cookie Notice &amp; Consent (CVE-2025-10496) , Nov 11, 2025
Cookie Notice &amp; Consent (CVE-2023-41948) , Jun 07, 2024
Cookie Notice &amp; Consent (ef7eb3a1f8ceb3e74177520366ebf799e8492b1a) , Jun 07, 2024
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates &amp; Open Badges &#8211; Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu &#8211; PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025