Vulnerability Details CVE-2021-36887
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 6.8
References
- https://patchstack.com/database/vulnerability/tarteaucitronjs/wordpress-tarteaucitron-js-cookies-legislation-gdpr-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability-leading-to-cross-site-scripting-xss
- https://wordpress.org/plugins/tarteaucitronjs/#developers
- https://patchstack.com/database/vulnerability/tarteaucitronjs/wordpress-tarteaucitron-js-cookies-legislation-gdpr-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability-leading-to-cross-site-scripting-xss
- https://wordpress.org/plugins/tarteaucitronjs/#developers
Products affected by CVE-2021-36887
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.0cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.0
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.1cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.1
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.2.1cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.2.1
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.3cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.3
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.3.1cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.3.1
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.3.2cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.3.2
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.3.3cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.3.3
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.3.4cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.3.4
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.1cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.1
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.2cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.2
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.3cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.3
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.4cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.4
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.5cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.5
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.6cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.6
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.7cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.7
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.8cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.8
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.4.9cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.4.9
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.5.0cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.5.0
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.5.1cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.5.1
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.5.2cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.5.2
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.5.3cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.5.3
-
Tarteaucitron.js - Cookies Legislation & Gdpr Project » Tarteaucitron.js - Cookies Legislation & Gdpr » Version: 1.5.4cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_&_gdpr_project:tarteaucitron.js_-_cookies_legislation_&_gdpr:1.5.4