The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.
References
Configurations
No configuration.
History
17 May 2025, 04:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
16 May 2025, 14:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 May 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-15 20:15
Updated : 2025-05-17 04:16
NVD link : CVE-2024-8397
Mitre link : CVE-2024-8397
CVE.ORG link : CVE-2024-8397
JSON object : View
Products Affected
No product.
CWE
No CWE.