CVE-2021-36889: WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities - Patchstack
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).
tarteaucitronjs
Software: tarteaucitron.js – Cookies legislation & GDPR
Vulnerable Versions: <= 1.6
Fixed in version: 1.6.1
CVE: CVE-2021-36889
Classification: Cross Site Scripting (XSS)
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Disclosure Date: 2021-12-17
CVSS 3.0 score
Requires authentication as a high-privileged user, such as an administrator.
Details
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered by Ex.Mi (Patchstack Red Team) in WordPress tarteaucitron.js – Cookies legislation & GDPR plugin (versions <= 1.6).
Solution
Update the WordPress tarteaucitron.js – Cookies legislation & GDPR plugin to the latest available version (at least 1.6.1).