Stored Cross-Site Scripting Vulnerability in GDPR Cookie Compliance Plugin for WordPress

CVE-2025-1622

What is CVE-2025-1622?

The GDPR Cookie Compliance WordPress plugin prior to version 4.15.7 contains a vulnerability due to inadequate sanitization and escaping of certain settings. This loophole could enable users with high privileges, such as administrators, to execute Stored Cross-Site Scripting attacks. Even in configurations where the unfiltered_html capability is restricted, such as in multisite setups, the security oversight remains a significant concern for website integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References