Stored Cross-Site Scripting Vulnerability in GDPR Cookie Compliance Plugin

CVE-2025-1624

What is CVE-2025-1624?

The GDPR Cookie Compliance WordPress plugin, prior to version 4.15.9, has a vulnerability due to improper sanitization and escaping of certain settings. This flaw enables high-privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This is particularly concerning in environments where the unfiltered_html capability is restricted, such as multisite setups, allowing potential attackers to inject malicious scripts into the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References