Cross-site Scripting Vulnerability in GDPR Info Cookie Notice & Consent Banner by GDPR & CCPA Compliance
CVE-2025-58607

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance
Vendor: CVE Published:; 3 September 2025

What is CVE-2025-58607?

The GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance suffers from a Cross-site Scripting (XSS) vulnerability due to inadequate input sanitization during web page generation. This flaw enables attackers to execute malicious scripts in the context of user's browsers, potentially leading to data theft and unauthorized access. The vulnerability affects versions of the product up to 1.7.11, highlighting the importance of applying relevant security updates to mitigate threats.

Affected Version(s)

Cookie Notice & Consent Banner for GDPR & CCPA Compliance <= 1.7.11

References

https://patchstack.com/database/wordpress/plugin/cookie-n...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

zaim (Patchstack Alliance)