cleantalk
Vulnerabilities and Security Researches

Cookie Notice & Consent, CVE-2025-10496

CVE, Research URL

CVE-2025-10496

Home page URL

Security reports for Cookie Notice & Consent

Application

Cookie Notice & Consent

Published on
Oct 09, 2025
Research Description
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.6.6.
Status
vulnerable
Previous vulnerability researches
DirectoryPress Frontend (CVE-2024-10581) , Feb 16, 2025
DirectoryPress – Business Directory And Classified Ad Listing (CVE-2024-49633) , Jan 09, 2025
DirectoryPress – Business Directory And Classified Ad Listing (CVE-2023-37967) , Jun 10, 2024
DirectoryPress – Business Directory And Classified Ad Listing (CVE-2024-10584) , Dec 25, 2024
DirectoryPress – Business Directory And Classified Ad Listing (CVE-2024-38755) , Jul 15, 2024
New vulnerability
Premmerce Product Search for WooCommerce (CVE-2025-64289) , Nov 11, 2025
Premmerce Product Search for WooCommerce (CVE-2025-64290) , Nov 11, 2025
Premmerce Product Search for WooCommerce (CVE-2025-60194) , Nov 11, 2025
WPC Smart Quick View for WooCommerce (CVE-2025-11741) , Nov 11, 2025
Outdoor (CVE-2025-10743) , Nov 11, 2025