cleantalk
Vulnerabilities and Security Researches

tarteaucitron.js – Cookies legislation & GDPR, CVE-2021-36887

CVE, Research URL

CVE-2021-36887

Home page URL

Security reports for tarteaucitron.js – Cookies legislation & GDPR

Application

tarteaucitron.js – Cookies legislation & GDPR

Published on
Dec 21, 2021
Research Description
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
Affected versions
Min -, max 1.6.
Status
vulnerable
Previous vulnerability researches
tarteaucitron.js &#8211; Cookies legislation &amp; GDPR (CVE-2025-4955) , Jun 30, 2025
tarteaucitron.js &#8211; Cookies legislation &amp; GDPR (CVE-2021-36889) , Jun 07, 2024
tarteaucitron.js &#8211; Cookies legislation &amp; GDPR (CVE-2021-36887) , Jun 07, 2024
New vulnerability
WP SoundSystem (CVE-2025-6258) , Jun 30, 2025
Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes (CVE-2025-49973) , Jun 30, 2025
Post Carousel Slider for Elementor (CVE-2025-3863) , Jun 30, 2025
WP User Stylesheet Switcher (CVE-2025-52792) , Jun 30, 2025
Easy FancyBox &#8211; WordPress Lightbox Plugin (CVE-2025-52707) , Jun 30, 2025