ThreatPress

WordPress Vulnerabilities Database

Back

WordPress EU Cookie Law plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability

Product
EU Cookie Law (GDPR)
Description
Stored Cross-Site Scripting (XSS) vulnerability found by Tobias Fink (SBA Research) in WordPress EU Cookie Law plugin (versions <= 3.0.6).
Solution
17 October 2019 - we were unable to find a patched version of this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2019-16522
Versions
Affected In <= 3.0.6
Disclosure date
2019-10-17
Credits
Tobias Fink (SBA Research)
Submitter
ThreatPress