CVE-2022-3399

Name of the Vulnerable Software and Affected Versions Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress versions up to, and including, 2.4.17.1

Description The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute when a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. The issue affects multi-site installations and installations where unfiltered html has been disabled.

Recommendations For versions up to, and including, 2.4.17.1, update to a version higher than 2.4.17.1 to resolve the issue. As a temporary workaround, consider restricting access to the cookie notice options[refuse code head] parameter and the /wp-admin/admin.php?page=cookie-notice page to minimize the risk of exploitation.