Moderate severity · NVD Advisory · Published Mar 27, 2023 · Updated Feb 18, 2025
Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS
CVE-2023-1069
Description
The Complianz WordPress plugin before 6.4.2 and the Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of their shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| really-simple-plugins/complianz-gdpr (Packagist) | < 6.4.2 | 6.4.2 |
References
- wpscan.com/vulnerability/caacc50c-822e-46e9-bc0b-681349fd0dda (ghsa, exploit, vdb-entry, technical-description; WEB)
- github.com/advisories/GHSA-7j4m-f87g-5r9r (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-1069 (ghsa; ADVISORY)
- github.com/Really-Simple-Plugins/complianz-gdpr/commit/e6c2c386cadb78f8cdcded1b000cbd38bd9ff043 (ghsa; WEB)
- www.github.com/Really-Simple-Plugins/complianz-gdpr (ghsa; WEB)