PT-2026-28334 · Unknown+1 · Classic Editor+1
Published: 2026-03-26 · Updated: 2026-03-29
CVE-2026-2389
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Complianz – GDPR/CCPA Cookie Consent plugin for WordPress versions prior to 7.4.4.3
Description
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs because the revert divs to summary function replaces HTML entities (”) with literal double-quote characters (") in post content without proper sanitization. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute each time a user accesses the compromised page. The Classic Editor plugin must be installed and activated for exploitation.
Recommendations
Update Complianz – GDPR/CCPA Cookie Consent plugin for WordPress to version 7.4.4.3 or later.
Fix
XSS
Affected Products
Classic Editor
Complianz – GDPR/CCPA Cookie Consent