CVE-2024-8397

Medium CVSS: 5.4

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.

Vendor

Webtoffee

Product

Gdpr Cookie Consent

CWE

CWE-79

Yayın Tarihi

2025-05-15 20:15:58

Güncelleme

2025-06-12 15:36:39

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Gdpr Cookie Consent MEDIUM Webtoffee 2025

Referanslar

https://wpscan.com/vulnerability/847fbf5d-f7cf-49fd-88bc-d7fa2a8110bd/

Benzer Kayıtlar

Medium

CVE-2024-8286

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which co…

Medium

CVE-2025-1769

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Direct…

Low

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitr…

High

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server…

High

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Ob…

High

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up…