CVE-2021-36887

Name of the Vulnerable Software and Affected Versions tarteaucitron.js – Cookies legislation & GDPR WordPress plugin versions <= 1.5.4

Description A Cross-Site Request Forgery (CSRF) issue has been found, which can lead to Cross-Site Scripting (XSS). The tarteaucitronEmail and tarteaucitronPass parameters are vulnerable.

Recommendations For versions <= 1.5.4, update to a version greater than 1.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the parameters tarteaucitronEmail and tarteaucitronPass to minimize the risk of exploitation.