Medium severity6.1NVD Advisory· Published Dec 20, 2021· Updated Jun 17, 2026
CVE-2021-36887
CVE-2021-36887
Description
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.5.4
- Tarteaucitron/tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin)v5Range: <= 1.5.4
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/tarteaucitronjs/wordpress-tarteaucitron-js-cookies-legislation-gdpr-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability-leading-to-cross-site-scripting-xssnvdExploitThird Party Advisory
- wordpress.org/plugins/tarteaucitronjs/nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.