I just got a notice that the plugin
GDPR Cookie Consent
has a XSS vulnerability in it. Just released today:
This entry was posted in Vulnerabilities, WordPress Security on February 11, 2020 by Matt Barry 0 Replies
Description: Improper Access Controls
Affected Plugin: GDPR Cookie Consent
Affected Versions: <= 1.8.2
CVSS Score: 9.0 (Critical)
CVSS Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Patched Version: 1.8.3
Affected Plugin: GDPR Cookie Consent
Affected Versions: <= 1.8.2
CVSS Score: 9.0 (Critical)
CVSS Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Patched Version: 1.8.3
If you are using this plugin, you will want to upgrade to version 1.8.3 immediately. If you want the details of the vulnerability and how it works, you can read the rest of the long post here:
or search it out on the WordFence blog.
Thanks for visiting. Share this information with your developer friends! 🙂
Recent Comments