cleantalk
Vulnerabilities and Security Researches

Beautiful Cookie Consent Banner, d2a445136d1a6be962e15c0f78eb6c325db3e7c4

CVE, Research URL

d2a445136d1a6be962e15c0f78eb6c325db3e7c4

Home page URL

Security reports for Beautiful Cookie Consent Banner

Application

Beautiful Cookie Consent Banner

Published on
Jan 31, 2023
Research Description
Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.1 Beautiful Cookie Consent Banner <= 2.10.0 - Missing Authorization to Settings Update The Beautiful Cookie Consent Banner plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the nsc_bar_save_submitted_form_fields() function called via and admin_init hook in versions up to, and including, 2.10.0. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts. Please note this is still vulnerable to Cross-Site Request Forgery attacks.
Affected versions
max 2.10.1.
Status
vulnerable
Previous vulnerability researches
Axact Author List Widget (64c0451c94de7e0131133a488609353b793f2348) , Jun 07, 2024
Axact Author List Widget (CVE-2025-22514) , Jan 15, 2025
Axact Author List Widget (b36562836dd76568d374ac032aa3b6cad3c82287) , Jun 16, 2026
Axact Author List Widget (f2497798-90dd-4f93-b6ff-31e02f8ca6fc) , Jun 16, 2026
New vulnerability
WP Post Author &#8211; Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including Use (1e5e11558113028f36d2378e9333ef8cce6f0104) , Jun 16, 2026
Custom Twitter Feeds &#8211; A Tweets Widget or X Feed Widget (63d036bf8354801dd02167b4cc6a671f96fb03ce) , Jun 16, 2026
Apocalypse Meow (6d0f45cf-a122-491a-b192-aa627f038466) , Jun 16, 2026
Apocalypse Meow (1d6c5916ca7170b948b6a9c3db0c28c78a8ea6d6) , Jun 16, 2026
Universal Analytics (2c6d7344f08e98632155545123abe642fbb8ecb2) , Jun 16, 2026