CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1620 – GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1620
23 Feb 2025 — The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin... • https://wpscan.com/vulnerability/923db805-92e7-4489-8e57-374a19f817d7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1621 – GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1621
23 Feb 2025 — The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin... • https://wpscan.com/vulnerability/c30b9631-2024-4081-9cc5-8294a77c5ebb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1622 – GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1622
23 Feb 2025 — The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin... • https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1623 – GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1623
23 Feb 2025 — The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin... • https://wpscan.com/vulnerability/40288fa0-50c6-4e13-9b92-968b060d3bf5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1624 – GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1624
23 Feb 2025 — The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin... • https://wpscan.com/vulnerability/2f4a402a-97f6-4638-9ce0-456ccd5606e9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13884 – Limit Bio <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13884
20 Feb 2025 — The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Limit Bio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha... • https://wpscan.com/vulnerability/759a60ac-c890-4961-91e4-53db5096eb3c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13885 – WP E Customers <= 0.0.1 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13885
20 Feb 2025 — The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The WP e-Customers Beta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary... • https://wpscan.com/vulnerability/b64d17d6-8416-476e-ad78-b7b9cb85b84f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13891 – Schedule <= 1.0.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13891
20 Feb 2025 — The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Schedule plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages t... • https://wpscan.com/vulnerability/58c8b73c-3a29-4a66-9b2e-f24b5c2769ac • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1486 – WoWPth <= 2.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2025-1486
20 Feb 2025 — The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The WoWPth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that exec... • https://wpscan.com/vulnerability/182ecda8-3385-4f9f-a917-efdeb237247c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1487 – WoWPth <= 2.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2025-1487
20 Feb 2025 — The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The WoWPth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that exec... • https://wpscan.com/vulnerability/9c683c2e-4f7f-4862-b844-6bdc3d1885dd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •