Critical XSS vulnerability in GDPR Cookie Consent WordPress plugin
On January 28th 2020, NinTechNet researcher Jerome Bruandet discovered a vulnerability affecting GDPR Cookie Consent version 1.8.2 and below.
He discovered the vulnerability and reported it to the wordpress.org team on January 28th 2020 and to the author on February 04th 2020. A new version 1.8.3 was released on February 10th 2020.
This pluginhas more than 700,000 active installations. This makes it a big target for attackers.
It is recommended that GDPR Cookie Consent plugin users make sure they are using the latest version of the software, 1.8.3, to stay protected.
Researchers who discovered it urge WordPress plugin users to update as soon as possible: “This vulnerability has been fixed in version 1.8.3. We recommend that users immediately update to the latest version available,” according to Wordfence.
Please visit https://wordpress.org/plugins/cookie-law-info/ for further information.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.
The cookies on the website locate users in various ways via IP address belonging to the user is often gathered, stored and shared. And merely the behaviours of users across the websites. The IP address can be accounted as the personal data by the EU’s GDPR.
gdpr cookie consent