Vulnerabilities (CVE)

Filtered by vendor Eu Cookie Law Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3811 1 Eu Cookie Law Project 1 Eu Cookie Law 2024-02-28 N/A 4.8 MEDIUM
The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2019-16522 1 Eu Cookie Law Project 1 Eu Cookie Law 2024-02-28 3.5 LOW 4.8 MEDIUM
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.