Webtoffee GDPR Cookie Consent

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-8397	Webtoffee Webtoffee GDPR Cookie Consent		0.00	—	0.00		May 15, 2025	The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and…
CVE-2024-8286	WordPress Webtoffee GDPR Cookie Consent		0.00	—	0.00		May 15, 2025	The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks

CVE-2024-8397May 15, 2025
Webtoffee
Webtoffee GDPR Cookie Consent
risk 0.00cvss —epss 0.00
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and…
CVE-2024-8286May 15, 2025
WordPress
Webtoffee GDPR Cookie Consent
risk 0.00cvss —epss 0.00
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks