CVE-2023-41948: WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
First published: Mon Sep 25 2023(Updated: )
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Christophrado Cookie Notice & Consent | <=1.6.0 |
Remedy
Update to 1.6.1 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-41948.
What is the severity of CVE-2023-41948?
The severity of CVE-2023-41948 is medium with a score of 4.8.
What is the affected software for CVE-2023-41948?
The affected software for CVE-2023-41948 is Christoph Rado Cookie Notice & Consent plugin versions up to and including 1.6.0.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-41948?
The Common Weakness Enumeration (CWE) ID for CVE-2023-41948 is 79.
How can I fix CVE-2023-41948?
To fix CVE-2023-41948, update Christoph Rado Cookie Notice & Consent plugin to version 1.6.1 or higher.
- agent/type
- agent/softwarecombine
- agent/title
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- vendor/christophrado
- canonical/christophrado cookie notice & consent
- version/christophrado cookie notice & consent/1.6.0