
CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Jan 2024 — The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009228%40complianz-gdpr&new=3009228%40complianz-gdpr&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

30 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. • https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-7-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

12 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. • https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-6-1-csrf-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 | EPSS: 0% | CPEs: 2 | EXPL: 1

06 Mar 2023 — The Complianz WordPress plugin before 6.4.2 and the Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of their shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 6.4.1 due t... • https://wpscan.com/vulnerability/caacc50c-822e-46e9-bc0b-681349fd0dda • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

17 Oct 2022 — The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. • https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 Jan 2022 — The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. • https://plugins.trac.wordpress.org/changeset/2654225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')