cleantalk
Vulnerabilities and Security Researches

Cookie Notice & Compliance for GDPR / CCPA, CVE-2023-0823

CVE, Research URL

CVE-2023-0823

Home page URL

Security reports for Cookie Notice & Compliance for GDPR / CCPA

Application

Cookie Notice & Compliance for GDPR / CCPA

Published on
Mar 27, 2023
Research Description
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
max 2.4.7.
Status
vulnerable
Previous vulnerability researches
DN Simple Cookie Notice (CVE-2025-31840) , Apr 03, 2025
Cookie Notice Bar (CVE-2024-13849) , Feb 22, 2025
GDPR Cookie Notice (CVE-2025-31765) , Apr 03, 2025
Cookie Notice & Consent (CVE-2025-49390) , Nov 11, 2025
Cookie Notice & Consent (CVE-2025-10496) , Nov 11, 2025
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026