WordPress Plugin Vulnerabilities
Responsive Cookie Consent <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS)
Description
A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the web site.
Tested on version 1.5, 1.6 and 1.7 (older versions may also be affected)
Proof of Concept
1) Access WordPress control panel. 2) Navigate to the Responsive Cookie Consent plugin page. 3) Select one of the input fields. For example, "Cookie Bar Border Bottom Size". 4) Insert the script you wish to inject. 5) Save the plugin settings. 6) Injected script will run in the victim user's browser. Depending on which input field you inserted the script, the script may also run everytime you load the Responsive Cookie Consent plugin page.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
B0UG
Verified
No
WPVDB ID
Timeline
Publicly Published
2018-04-24 (about 6 years ago)
Added
2018-04-26 (about 6 years ago)
Last Updated
2020-09-22 (about 3 years ago)