Real Cookie Banner: GDPR & ePrivacy Cookie Consent, CVE-2025-1485

CVE, Research URL: CVE-2025-1485
Home page URL: Security reports for Real Cookie Banner: GDPR & ePrivacy Cookie Consent
Application: Real Cookie Banner: GDPR & ePrivacy Cookie Consent
Published on: Jun 02, 2025
Research Description: The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max 5.1.6.
Status: vulnerable

Real Cookie Banner: GDPR &amp; ePrivacy Cookie Consent, CVE-2025-1485