CVE-2025-10496
📋 TL;DR
The Cookie Notice & Consent WordPress plugin up to version 1.6.5 has a stored XSS vulnerability in the uuid parameter. Unauthenticated attackers can inject malicious scripts that execute when users visit compromised pages, potentially affecting all WordPress sites using vulnerable versions of this plugin.
💻 Affected Systems
- Cookie Notice & Consent WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users.
Likely Case
Attackers inject malicious scripts to steal user session cookies or credentials, leading to account compromise.
If Mitigated
With proper web application firewalls and content security policies, script execution could be blocked, limiting impact to failed injection attempts.
🎯 Exploit Status
The vulnerability requires no authentication and exploitation is straightforward once the injection vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.6 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Cookie Notice & Consent' and click 'Update Now'. 4. Verify plugin version is 1.6.6 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the Cookie Notice & Consent plugin until patched
wp plugin deactivate cookie-notice-consent
Implement Content Security Policy
allAdd CSP headers to restrict script execution sources
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with XSS protection rules
- Monitor for suspicious script injection attempts in access logs
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Cookie Notice & Consent versionCheck Version:
wp plugin list --name=cookie-notice-consent --field=versionVerify Fix Applied:
Verify plugin version is 1.6.6 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests containing script tags or JavaScript in uuid parameter
- Multiple failed injection attempts in web server logs
Network Indicators:
- HTTP requests with suspicious JavaScript payloads in parameters
- Outbound connections to unknown domains from injected pages
SIEM Query:
source="web_logs" AND (uri_path="*uuid=*<script*" OR uri_path="*uuid=*javascript:*")🔗 References
- https://plugins.trac.wordpress.org/browser/cookie-notice-consent/tags/1.6.5/includes/class-cnc-admin.php#L33
- https://plugins.trac.wordpress.org/browser/cookie-notice-consent/tags/1.6.5/includes/class-cnc-logger.php#L141
- https://plugins.trac.wordpress.org/browser/cookie-notice-consent/tags/1.6.5/includes/class-cnc-logger.php#L259
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3373718%40cookie-notice-consent%2Ftrunk&old=3345005%40cookie-notice-consent%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/035097dd-8ebd-49b8-93ea-0f957594f130?source=cve
