cleantalk
Vulnerabilities and Security Researches

Cookie Notice & Compliance for GDPR / CCPA, PSC-2026-64624

PSC, Research URL

PSC-2026-64624

Home page URL

Security reports for Cookie Notice & Compliance for GDPR / CCPA

Application

Cookie Notice & Compliance for GDPR / CCPA

Published on
Feb 27, 2026
Research Description
Cookie notice plugins look “simple”, but they are security-relevant because they influence front-end script execution, store site-wide consent settings, and often expose customization fields that end up rendered for every visitor. If access control, request integrity, or output handling is weak, attackers can aim for stored/reflected XSS in banner content, CSRF-driven settings changes (silently altering consent behavior), or information exposure through misprotected endpoints and diagnostics. Cookie Notice & Compliance for GDPR / CCPA version 2.5.13 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64624, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for cookie notice and consent-management plugins.
Affected versions
Min 2.5.13, max 2.5.13.
Status
SAFE & CERTIFIED
Previous vulnerability researches
DN Simple Cookie Notice (CVE-2025-31840) , Apr 03, 2025
Cookie Notice Bar (CVE-2024-13849) , Feb 22, 2025
GDPR Cookie Notice (CVE-2025-31765) , Apr 03, 2025
Cookie Notice & Consent (CVE-2025-49390) , Nov 11, 2025
Cookie Notice & Consent (CVE-2025-10496) , Nov 11, 2025
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026