GDPR Cookie Consent Vulnerability

Today, 10th February it was announced that a GDPR Cookie Consent Vulnerability had been discovered and fix made available.

The GDPR Cookie Consent is a popular WordPress plugin that helps make websites compliant with the General Data Protection Regulation (GDPR).

What is the GDPR Cookie Consent Vulnerability?

It has been found the vulnerability stems from improper access controls in a GDPR Cookie Consent endpoint. If exploited, the vulnerability could enable attackers to modify content or inject malicious JavaScript code into victim websites.

How to resolve the GDPR Cookie Consent Vulnerability?

This is very simple, navigate to your plugin section in your WordPress Admin panel and update the plugin to the newest version – 1.8.3

Code Snippets Vulnerability

Yesterday, 30th January it was announced that a Code Snippets Vulnerability had been discovered.

The Code Snippets is a popular WordPress plugin that allows users to execute code without adding custom snippets to their theme’s functions.php file.

What is the Code Snippets Vulnerability?

It has been found that a high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin.

How to resolve the Code Snippets Vulnerability?

This is very simple, navigate to your plugin section in your WordPress Admin panel and update the plugin to the newest version – 2.14.0.