CVE-2019-16522: XSS
First published: Wed Oct 16 2019(Updated: )
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EU Cookie Law | <=3.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-16522?
CVE-2019-16522 is considered a medium severity vulnerability that allows for Stored XSS attacks.
How do I fix CVE-2019-16522?
To fix CVE-2019-16522, update the EU Cookie Law WordPress plugin to version 3.0.7 or later.
What types of user data are affected by CVE-2019-16522?
CVE-2019-16522 can potentially expose user data through XSS via the cookie consent message displayed on the frontend.
Which software versions are affected by CVE-2019-16522?
CVE-2019-16522 affects all versions of EU Cookie Law for WordPress up to and including 3.0.6.
Can CVE-2019-16522 be exploited by unauthenticated users?
Yes, CVE-2019-16522 can be exploited by unauthenticated users if they get access to the affected cookie consent message.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/eu cookie law project
- canonical/eu cookie law
- version/eu cookie law/3.0.6