{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2205", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-11T14:31:48.682Z", "datePublished": "2025-03-12T03:21:26.642Z", "dateUpdated": "2026-04-08T16:46:25.963Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:25.963Z"}, "affected": [{"vendor": "mooveagency", "product": "GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.15.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "title": "GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve"}, {"url": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/"}, {"url": "https://research.cleantalk.org/cve-2025-1622/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-02-23T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-12T13:40:56.219087Z", "id": "CVE-2025-2205", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T13:41:08.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2205", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-12T13:40:56.219087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T13:41:03.296Z"}}], "cna": {"title": "GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "mooveagency", "product": "GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.15.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-23T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve"}, {"url": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/"}, {"url": "https://research.cleantalk.org/cve-2025-1622/"}], "descriptions": [{"lang": "en", "value": "The GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:25.963Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2205", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:25.963Z", "dateReserved": "2025-03-11T14:31:48.682Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-12T03:21:26.642Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mooveagency:gdpr_cookie_compliance:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9048FD0F-67F5-48E5-9CE8-1E5B5590E4AF", "versionEndExcluding": "4.15.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}, {"lang": "es", "value": "El complemento GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 4.15.6 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente. Esto permite a atacantes autenticados, con permisos de administrador o superiores, inyectar secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio y a instalaciones donde se ha deshabilitado \"unfiltered_html\"."}], "id": "CVE-2025-2205", "lastModified": "2025-07-08T15:38:59.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-12T04:15:19.810", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://research.cleantalk.org/cve-2025-1622/"}, {"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:00:31.439845+00:00", "value": {"mitigation_remediation": ["Upgrade the GDPR Cookie Compliance plugin to a version newer than 4.15.6", "If an immediate upgrade is not possible, remove any custom scripts from the plugin\u2019s admin settings or disable the site until a patch is applied", "Use role\u2011management to restrict the number of users with administrative rights"], "summary": {"action": "Patch Now", "impact": "Stored Cross-Site Scripting"}, "threat_synthesis": {"affected_systems": "Moove Agency\u2019s GDPR Cookie Compliance plugin for WordPress \u2013 any version up to and including 4.15.6. The flaw is present in multisite installations and in configurations where the unfiltered_html WordPress setting has been disabled.", "description_and_impact": "The plugin contains insufficient input sanitization and output escaping in its admin settings, which lets any user with administrator permissions embed JavaScript that is later stored and served to all site visitors. This stored cross\u2011site scripting can be used to hijack user sessions, deface pages, or redirect traffic, thereby compromising the confidentiality and integrity of the site\u2019s users.", "risk_and_exploitability": "The CVSS score is 4.4, indicating a moderate level of impact, while the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog. Because the attack requires administrative credentials, the vector is authenticated, but the exploitation is still serious because the injected script runs in every browser that views the affected page. The limited exploitation probability reflects the need for privileged access, yet once executed it can affect all users who access the site."}}}}, "created": "2026-04-21T22:15:45.894294+00:00", "updated": "2026-04-21T22:15:45.894317+00:00", "vendors": []}