Critical XSS vulnerability in GDPR Cookie Consent WordPress plugin

On January 28th 2020, NinTechNet researcher Jerome Bruandet discovered a vulnerability affecting GDPR Cookie Consent version 1.8.2 and below.

He discovered the vulnerability and reported it to the wordpress.org team on January 28th 2020 and to the author on February 04th 2020. A new version 1.8.3 was released on February 10th 2020.

This pluginhas more than 700,000 active installations. This makes it a big target for attackers.

It is recommended that GDPR Cookie Consent plugin users make sure they are using the latest version of the software, 1.8.3, to stay protected.

Researchers who discovered it urge WordPress plugin users to update as soon as possible: “This vulnerability has been fixed in version 1.8.3. We recommend that users immediately update to the latest version available,” according to Wordfence.

Please visit https://wordpress.org/plugins/cookie-law-info/ for further information.

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: