GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent), CVE-2025-1621

CVE, Research URL: CVE-2025-1621
Home page URL: Security reports for GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)
Application: GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)
Published on: Mar 16, 2025
Research Description: The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max 4.15.7.
Status: vulnerable