CVE-2023-0823

Name of the Vulnerable Software and Affected Versions Cookie Notice & Compliance for GDPR / CCPA WordPress plugin versions prior to 2.4.7

Description The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded.

Recommendations For versions prior to 2.4.7, update to version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes to minimize the risk of exploitation.