← Back

Wordpress Real Cookie Banner

wordpress_real_cookie_banner

Vendor: Devowl • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Devowl
1Wordpress Real Cookie Banner
Jun 17, 2026
Jun 2, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privile...Show more
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
1Devowl
1Wordpress Real Cookie Banner
Jun 17, 2026
Jan 16, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to...Show more
The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.Show less
1Devowl
1Wordpress Real Cookie Banner
Jun 17, 2026
Mar 7, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset t...Show more
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attackShow less