CVE-2025-1622

Name of the Vulnerable Software and Affected Versions: GDPR Cookie Compliance WordPress plugin versions prior to 4.15.7

Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to insufficient input sanitization and output escaping of some settings. This can occur even when the unfiltered html capability is disallowed, for example, in multisite setups. Authenticated attackers with administrator-level permissions can inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations: For versions prior to 4.15.7, update to version 4.15.7 or later to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation.