Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4507 | 1 Devowl | 1 Wordpress Real Cookie Banner | 2023-01-25 | N/A | 5.4 MEDIUM |
The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | |||||
CVE-2022-0445 | 1 Devowl | 1 Wordpress Real Cookie Banner | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack |