cleantalk
Vulnerabilities and Security Researches

Cookie Notice Bar, CVE-2024-13849

CVE, Research URL

CVE-2024-13849

Home page URL

Security reports for Cookie Notice Bar

Application

Cookie Notice Bar

Published on
Feb 20, 2025
Research Description
The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.3.0.
Status
vulnerable
Previous vulnerability researches
Cookie Notice Bar (CVE-2024-13849) , Feb 22, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Notice Bar (CVE-2023-41847) , Jun 07, 2024
New vulnerability
Support Ticket (CVE-2025-49422) , Aug 24, 2025
Risk Free Cash On Delivery (COD) – WooCommerce (CVE-2025-48358) , Aug 24, 2025
WP Talroo (CVE-2025-8281) , Aug 24, 2025
Simple Statistics for Feeds (CVE-2025-57892) , Aug 24, 2025
WP Filter & Combine RSS Feeds (CVE-2025-7828) , Aug 24, 2025