cleantalk
Vulnerabilities and Security Researches

Beautiful Cookie Consent Banner, 2dd3fb0b905f60f848fe32e6ae8b96677a4c964a

CVE, Research URL

2dd3fb0b905f60f848fe32e6ae8b96677a4c964a

Home page URL

Security reports for Beautiful Cookie Consent Banner

Application

Beautiful Cookie Consent Banner

Published on
Jan 31, 2023
Research Description
Beautiful Cookie Consent Banner [beautiful-and-responsive-cookie-consent] < 2.10.1 Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.
Affected versions
max 2.10.1.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
WP Attachment Export (d701aac7e487f87dedd3707d46ee92d11bf562fb) , Jun 16, 2026
Alley Business Toolkit (87154e111b969556cb336890f4d16d5782634526) , Jun 16, 2026
Alley Business Toolkit (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Copy or Move Comments (d65776e8-5383-4b0a-82f6-c53751ea882c) , Jun 16, 2026
Copy or Move Comments (24f8cdac9228df7523d58ed6ae2a9ef029ffe0ea) , Jun 16, 2026