Gdpr Cookie Consent
Approved changes feed: RSS · Atom
cpe:2.3:a:webtoffee:gdpr_cookie_consent:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Webtoffee (e4f96395-4c7d-5ae2-a626-a2bd0042f0d9) |
|---|---|
| Product | Gdpr Cookie Consent (9d2f16f6-9926-5da8-9022-9a26921cb85f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8397 |
vulnerable | 2026-06-03 14:58:18.337126 |
GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.
Published: 2025-05-15T20:07:15.179Z
Updated: 2025-05-17T03:18:29.042Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8286 |
vulnerable | 2026-06-03 14:58:18.016927 |
GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks
Published: 2025-05-15T20:07:14.783Z
Updated: 2025-05-17T03:20:31.865Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.