WP GDPR Compliance <= 2.0.7 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2022-02-20

The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

CVE

https://www.cve.org/CVERecord?id=CVE-2022-0147

CVSS

Score:6.1

Severity:Medium

Version: 2.0.7

There is a patch available in v2.0.8 and we strongly recommend you update to this version as soon as possible.