CVE-2019-16522
CVE-2019-16522 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. EPSS estimates a 1.03% chance of exploitation in the next 30 days.
Description
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Eu Cookie Law Project | Eu Cookie Law | <= 3.0.6 |
References
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law (Exploit, Third Party Advisory)
- https://wordpress.org/plugins/eu-cookie-law/#developers (Product, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/9918 (Third Party Advisory)
Source: NVD / NIST
