CVSS 3.1 Score 4.4 of 10 (medium)


Published Jan 4, 2024
Updated: Jan 10, 2024


CVE-2023-6498 is a vulnerability in the Complianz – GDPR/CCPA Cookie Consent plugin for WordPress, affecting all versions up to and including 6.5.5. This vulnerability allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts in pages via the plugin's admin settings, leading to stored cross-site scripting (XSS). The vulnerability only impacts multi-site installations and installations where unfiltered_html has been disabled. To remediate this vulnerability, users should update to a version of the plugin that includes a fix for the issue. The potential danger posed by this vulnerability is that it can be exploited by attackers to execute malicious scripts whenever a user accesses an injected page, potentially compromising user data and causing other security issues within an organization's website.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6498 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options