cleantalk
Vulnerabilities and Security Researches

Cookie Notice & Consent, CVE-2025-10496

CVE, Research URL

CVE-2025-10496

Home page URL

Security reports for Cookie Notice & Consent

Application

Cookie Notice & Consent

Published on
Oct 09, 2025
Research Description
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.6.6.
Status
vulnerable
Previous vulnerability researches
One Click Accessibility (CVE-2025-32640) , Apr 10, 2025
One Click Accessibility (CVE-2025-10700) , Nov 10, 2025
New vulnerability
WPC Smart Quick View for WooCommerce (CVE-2025-11741) , Nov 11, 2025
Outdoor (CVE-2025-10743) , Nov 11, 2025
WP AD Gallery (CVE-2025-11834) , Nov 11, 2025
MSTW CSV EXPORTER (CVE-2025-62944) , Nov 11, 2025
TopBar (CVE-2025-10300) , Nov 11, 2025