Vulnerability-Lookup

CNVD-2026-23837

Vulnerability from cnvd - Published: 2026-06-12

Title

WordPress插件WP GDPR Cookie Consent跨站脚本漏洞

Description

WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress插件WP GDPR Cookie Consent存在跨站脚本漏洞，该漏洞源于handleAjaxCalls函数缺少能力和nonce检查，且对gdprConfig值的输入清理和输出转义不足，攻击者可利用该漏洞（订阅者级别及以上）注入任意Web脚本，在用户访问受影响页面时执行。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.wordfence.com/threat-intel/vulnerabilities/id/95c7f999-3676-4b91-9ee0-f55a27bcd93c?source=cve

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-8977

Impacted products

Name
WordPress WP GDPR Cookie Consent <=1.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-8977",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-8977"
    }
  },
  "description": "WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u5728\u57fa\u4e8ePHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u7684\u529f\u80fd\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress\u63d2\u4ef6WP GDPR Cookie Consent\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ehandleAjaxCalls\u51fd\u6570\u7f3a\u5c11\u80fd\u529b\u548cnonce\u68c0\u67e5\uff0c\u4e14\u5bf9gdprConfig\u503c\u7684\u8f93\u5165\u6e05\u7406\u548c\u8f93\u51fa\u8f6c\u4e49\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\uff08\u8ba2\u9605\u8005\u7ea7\u522b\u53ca\u4ee5\u4e0a\uff09\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\uff0c\u5728\u7528\u6237\u8bbf\u95ee\u53d7\u5f71\u54cd\u9875\u9762\u65f6\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.wordfence.com/threat-intel/vulnerabilities/id/95c7f999-3676-4b91-9ee0-f55a27bcd93c?source=cve",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-23837",
  "openTime": "2026-06-12",
  "products": {
    "product": "WordPress WP GDPR Cookie Consent \u003c=1.0.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-8977",
  "serverity": "\u4e2d",
  "submitTime": "2026-06-10",
  "title": "WordPress\u63d2\u4ef6WP GDPR Cookie Consent\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2026-8977 (GCVE-0-2026-8977)

Vulnerability from cvelistv5 – Published: 2026-06-09 03:41 – Updated: 2026-06-09 13:26

Title

WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

Summary

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls() function, combined with insufficient input sanitization on the gdprConfig values and missing output escaping in the generateCSS() function which echoes stored configuration values directly into a <style> block rendered on wp_head. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

Wordfence

References

5 references

URL	Tags
https://www.wordfence.com/threat-intel/vulnerabil…
https://plugins.trac.wordpress.org/browser/wp-gdp…
https://plugins.trac.wordpress.org/browser/wp-gdp…
https://plugins.trac.wordpress.org/browser/wp-gdp…
https://plugins.trac.wordpress.org/browser/wp-gdp…

Impacted products

1 product

Vendor	Product	Version
techjewel	WP GDPR Cookie Consent	Affected: 0 , ≤ 1.0.0 (semver)

Credits

Kishan Vyas Hardik Patel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T13:26:22.573127Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T13:26:32.899Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP GDPR Cookie Consent",
          "vendor": "techjewel",
          "versions": [
            {
              "lessThanOrEqual": "1.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kishan Vyas"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Hardik Patel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027ninja_gdpr_ajax_actions\u0027 AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls() function, combined with insufficient input sanitization on the gdprConfig values and missing output escaping in the generateCSS() function which echoes stored configuration values directly into a \u003cstyle\u003e block rendered on wp_head. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T03:41:21.669Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95c7f999-3676-4b91-9ee0-f55a27bcd93c?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/Classes/GdprHandler.php#L169"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/Classes/GdprHandler.php#L7"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/Classes/GdprHandler.php#L86"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/wp-gdpr-cookie-consent.php#L35"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-08T15:05:04.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP GDPR Cookie Consent \u003c= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via \u0027ninja_gdpr_ajax_actions\u0027 AJAX Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-8977",
    "datePublished": "2026-06-09T03:41:21.669Z",
    "dateReserved": "2026-05-19T13:04:46.100Z",
    "dateUpdated": "2026-06-09T13:26:32.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-23837

CVE-2026-8977 (GCVE-0-2026-8977)

Tags

Sightings

Nomenclature