I find this vulnerability hilarious
« The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting »
Often, websites only use cookies necessary for normal operation and don’t require explicit user consent. However, some legal teams insist on having it “to be on the safe side.” Now it’s very safe indeed. ;-)
This particular vulnerability isn’t a big deal since it requires admin rights on WordPress to inject. If you’re already an admin, you can do worse things. The only advantage for attackers is that the injection spreads everywhere.
#infosec #gdpr #cybersecurity #vulnerability #wordpress
https://vulnerability.circl.lu/vuln/CVE-2025-2205