CVE-2025-2205

4.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in the GDPR Cookie Compliance WordPress plugin allows authenticated users with administrator-level permissions to save script into the plugin's settings; the script then executes in the browser of any other user who opens the affected admin pages, letting the attacker act with that user's session. Only WordPress multisite installations and single-site installations where the unfiltered_html capability has been disabled are affected: everywhere else administrators are already permitted to post arbitrary HTML, so there is no boundary to cross.

💻 Affected Systems

Products:
  • GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD WordPress plugin
Versions: All versions up to and including 4.15.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ✅ No
Notes: Only affects WordPress multisite installations and installations where unfiltered_html capability is disabled

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

A site administrator on a multisite network (per-site administrators do not hold unfiltered_html there) stores script that runs in the browser of the super administrator who later opens the settings page. Script executing in that session can do anything the victim can, such as creating or promoting users or installing plugins, which turns control of one site into control of the whole network. WordPress sets its authentication cookies as HttpOnly, so the realistic outcome is actions performed with the victim's session rather than theft of the cookie itself.

🟠 Likely Case

A malicious or compromised administrator injects tracking script, defaces admin pages, or uses another administrator's browser to perform actions within the WordPress environment that their own account cannot.

🟢 If Mitigated

With the plugin updated to 4.15.7 or later (or deactivated) and administrator accounts limited to trusted people, an administrator can act only within what their own role permits; there is no cross-user script execution left to exploit.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires an account with administrator-level permissions; on multisite a per-site administrator is enough, no super administrator access is needed. Once authenticated, exploitation amounts to saving a plugin setting that contains script.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.15.7 or later

Vendor Advisory: https://wordpress.org/plugins/gdpr-cookie-compliance/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel (on multisite, the Network Admin, since plugins are updated network-wide from there).
2. Navigate to Plugins → Installed Plugins.
3. Find the 'GDPR Cookie Compliance' plugin.
4. Click 'Update Now' if an update is offered.
5. Alternatively, download version 4.15.7 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable plugin (all affected versions)

Deactivate the vulnerable plugin until it can be updated. The cookie consent banner is not shown while the plugin is inactive, so weigh this against your consent obligations; on multisite a network-activated plugin is deactivated from the Network Admin.

wp plugin deactivate gdpr-cookie-compliance

Enable unfiltered_html (single-site installs only; not recommended)

On a single site, administrators lack unfiltered_html only when wp-config.php sets DISALLOW_UNFILTERED_HTML to true (or a plugin strips the capability). Change that existing line to define('DISALLOW_UNFILTERED_HTML', false); or delete it; do not add a second define(), which only raises a PHP "constant already defined" warning while the first value stands. On multisite the constant is irrelevant: core grants unfiltered_html to super administrators only, and no setting extends it to per-site administrators. Understand that this does not remove the flaw; it moves the install out of the advisory's scope by explicitly allowing administrators to post arbitrary HTML, which is the same exposure by another name.

🧯 If You Can't Patch

  • Restrict administrator account creation, review existing administrators (on multisite, the per-site administrators of every site) for unexpected accounts, and enforce strong authentication on them
  • Deploy web application firewall rules that inspect request bodies on the plugin's settings endpoints for script tags and event-handler attributes, including URL-encoded forms; a WAF that matches only the query string will not see settings saved by POST

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin → Plugins → Installed Plugins. If version is 4.15.6 or lower and you have multisite or unfiltered_html disabled, you are vulnerable.

Check Version:

wp plugin get gdpr-cookie-compliance --field=version

Verify Fix Applied:

Verify plugin version is 4.15.7 or higher in WordPress admin panel.
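The checks above as a script, added here as an example (it is not from the advisory or the plugin): the decision logic lives in two pure functions, and check_site() gathers the three facts with WP-CLI. It assumes a single-site install loses unfiltered_html only through the DISALLOW_UNFILTERED_HTML constant (a plugin that strips the capability is not detected) and a sort(1) that understands -V.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin): classify a WordPress
# install against CVE-2025-2205 from three facts: the installed plugin version,
# whether the install is multisite, and whether DISALLOW_UNFILTERED_HTML is set.
# Requires a sort(1) that understands -V (GNU coreutils).

FIXED_VERSION="4.15.7"

# version_lt A B: succeed when version A is strictly older than B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# exposed VERSION MULTISITE UNFILTERED_DISABLED: succeed when the site matches
# the advisory's conditions: plugin older than the fix AND (multisite OR a
# single site whose administrators have lost unfiltered_html). Flags are 1/0.
exposed() {
    version_lt "$1" "$FIXED_VERSION" || return 1
    [ "$2" = "1" ] || [ "$3" = "1" ]
}

# check_site WP_PATH: run the classification against a live install.
# Exit 0 = exposed, 1 = not exposed, 2 = could not determine (plugin absent?).
check_site() {
    path="$1"
    version=$(wp plugin get gdpr-cookie-compliance --field=version --path="$path" 2>/dev/null) || {
        echo "plugin not installed or WP-CLI failed at $path"; return 2; }
    multisite=$(wp eval 'echo is_multisite() ? 1 : 0;' --path="$path")
    # On a single site, administrators lose unfiltered_html when wp-config.php
    # defines DISALLOW_UNFILTERED_HTML as true. (Assumption: a plugin removing
    # the capability some other way is not detected here.)
    unfiltered_disabled=$(wp eval 'echo ( defined("DISALLOW_UNFILTERED_HTML") && DISALLOW_UNFILTERED_HTML ) ? 1 : 0;' --path="$path")
    if exposed "$version" "$multisite" "$unfiltered_disabled"; then
        echo "EXPOSED: $path runs $version (multisite=$multisite, unfiltered_html disabled=$unfiltered_disabled)"
        echo "  fix: wp plugin update gdpr-cookie-compliance --path=$path"
        return 0
    fi
    echo "not exposed: $path runs $version (multisite=$multisite, unfiltered_html disabled=$unfiltered_disabled)"
    return 1
}

# Usage: sh check_cve_2025_2205.sh /var/www/example.com
if [ $# -gt 0 ]; then
    check_site "$1"
fi
```

Run it once per WordPress root; the exit code makes it usable from a fleet loop, and a "not exposed" result for an unpatched single site with unfiltered_html still means administrators can post arbitrary HTML by design, which is worth knowing in its own right.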

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin user activity, especially plugin settings modifications
  • POST requests to plugin admin endpoints with script tags in parameters

Network Indicators:

  • HTTP requests containing script payloads to /wp-admin/admin.php?page=gdpr-cookie-compliance (confirm the page= slug against the settings screen of your install, since admin menu slugs often differ from the plugin slug; settings may also be submitted through /wp-admin/options.php or /wp-admin/admin-ajax.php, so watch those endpoints too)

SIEM Query:

source="wordpress" AND http_method="POST" AND uri_path="/wp-admin/admin.php" AND uri_query="*page=gdpr-cookie-compliance*" AND (parameters CONTAINS "<script" OR parameters CONTAINS "%3Cscript" OR parameters CONTAINS "onerror" OR parameters CONTAINS "javascript:")

The query matches only a POST that also carries a payload marker (an OR between the method and the payload test would fire on every legitimate settings save). The parameters field is populated only when the log source (a WAF or an application-level audit log) records request bodies; standard web-server access logs do not, in which case alert on any POST to the settings page from an administrator account that does not normally touch it.
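The same logic run over request records, as an added example that is not part of the advisory. It assumes a constructed export format (timestamp, client IP, method, path with query, form-encoded body, space-separated) of the kind a WAF or ModSecurity audit log can produce, and it uses the page= slug quoted in this advisory; confirm that slug against your install. It decodes percent and plus encoding before matching, which is what the plain "<script" search in the query above misses.

```shell
#!/bin/sh
# Added example (not from the advisory): triage exported web-request records
# for settings writes to the plugin's admin page that carry script markers.
# Input format (constructed for this example): one request per line,
#   <timestamp> <client-ip> <method> <path?query> <form-encoded-body>
# Form-encoded bodies contain no raw spaces, so splitting on spaces is safe.
# Ordinary access logs do not record POST bodies; feed this a WAF or
# ModSecurity audit export instead. The page slug below is the one quoted in
# the advisory (assumption); confirm the real page= value in your install.

# decode_url STRING: lowercase and undo the percent/plus encoding that form
# posts apply, so one pattern set catches "<script" and "%3Cscript" alike.
# Double-encoded payloads (%253C) are deliberately not handled: they reach
# the application still encoded and do not execute.
decode_url() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed \
        -e 's/+/ /g'   -e 's/%20/ /g' -e 's/%2b/+/g' \
        -e 's/%3c/</g' -e 's/%3e/>/g' -e 's/%2f/\//g' \
        -e 's/%3d/=/g' -e 's/%22/"/g' -e "s/%27/'/g" \
        -e 's/%28/(/g' -e 's/%29/)/g'
}

# has_xss_marker DECODED_STRING: tag elements and event handlers typically
# used to obtain script execution in an admin page.
has_xss_marker() {
    printf '%s' "$1" | grep -qE \
        '<script|<svg|<img|<iframe|javascript:|(^|[^a-z])on(error|load|mouseover|focus|click|toggle)[[:space:]]*='
}

# flag_line LINE: succeed when LINE is a POST to the plugin settings page whose
# decoded query string or body contains an XSS marker.
flag_line() {
    method=$(printf '%s\n' "$1" | cut -d' ' -f3)
    uri=$(printf '%s\n' "$1" | cut -d' ' -f4)
    body=$(printf '%s\n' "$1" | cut -d' ' -f5-)
    [ "$method" = "POST" ] || return 1
    case "$uri" in
        /wp-admin/*page=gdpr-cookie-compliance*) ;;
        *) return 1 ;;
    esac
    has_xss_marker "$(decode_url "$uri&$body")"
}

# flag_lines: read records on stdin, print the ones that match.
flag_lines() {
    while IFS= read -r line; do
        if flag_line "$line"; then
            printf 'FLAGGED %s\n' "$line"
        fi
    done
}

# count_flagged: number of matching records on stdin.
count_flagged() {
    flag_lines | wc -l | tr -d ' '
}

# Constructed sample: a benign settings save, two script injections (one via
# <script src>, one via an img onerror handler), a GET of the same page, and
# a post-editor save that carries HTML to a different endpoint.
sample_log() {
    cat <<'EOF'
2025-03-20T10:01:02Z 203.0.113.5 POST /wp-admin/admin.php?page=gdpr-cookie-compliance banner_text=We+use+cookies&save=1
2025-03-20T10:02:15Z 203.0.113.5 POST /wp-admin/admin.php?page=gdpr-cookie-compliance banner_text=%3Cscript+src%3D%2F%2F203.0.113.9%2Fx.js%3E%3C%2Fscript%3E
2025-03-20T10:03:40Z 198.51.100.7 POST /wp-admin/admin.php?page=gdpr-cookie-compliance banner_text=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
2025-03-20T10:04:11Z 198.51.100.7 GET /wp-admin/admin.php?page=gdpr-cookie-compliance
2025-03-20T10:05:00Z 192.0.2.20 POST /wp-admin/post.php post_title=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
EOF
}

# Usage: sh triage.sh            (runs against the constructed sample)
#        sh triage.sh export.log (runs against your own export)
if [ $# -gt 0 ]; then
    flag_lines < "$1"
else
    sample_log | flag_lines
fi
```

The post-editor line is left unflagged on purpose: users who hold unfiltered_html legitimately save HTML there, and the advisory's exposure is specific to the plugin's settings page. The event-handler pattern is anchored on a non-letter so that field names such as position= or button_color= do not trip it.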

🔗 References
