VYPR

Real Cookie Banner

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-12136MedOct 24, 2025
    risk 0.37cvss 6.8epss 0.00

    The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API…

  • CVE-2025-1485Jun 2, 2025
    risk 0.00cvss epss 0.00

    The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…

  • CVE-2022-4507Jan 16, 2023
    risk 0.00cvss epss 0.01

    The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against…

  • CVE-2022-0445Mar 7, 2022
    risk 0.00cvss epss 0.01

    The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack