EU Cookie Law <= 3.0.6 - Stored Cross-Site Scripting (XSS)



Description
Version 3.1 released a fix, however, it was not sufficient:

 https://plugins.trac.wordpress.org/changeset/2176080

Affects Plugin

References

CVE 2019-16522
URL https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Tobias Fink (SBA Research)
Views 4239
Verified No
WPVDB ID 9918

Timeline

Publicly Published 2019-10-16 (4 months ago)
Added 2019-10-16 (4 months ago)
Last Updated 2020-02-13 (3 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin