Vulnerability in Complianz WordPress GDPR Compliance Plugin

Complianz Plugin Vulnerability Patched: Update to Ensure Privacy Compliance

Popular WordPress Plugin Patched to Fix XSS Vulnerability

A popular WordPress plugin used for privacy compliance, Complianz | GDPR/CCPA Cookie Consent, recently patched a stored XSS vulnerability that could allow attackers to upload malicious scripts and launch attacks against site visitors. The plugin, with over 800,000 installations, is a crucial tool for website owners to ensure compliance with privacy regulations such as GDPR and CCPA.

The vulnerability was discovered in the plugin’s admin settings, where a lack of input sanitization and output escaping made it possible for attackers with admin-level permissions to inject arbitrary web scripts. This vulnerability, rated 4.4 out of 10 in severity, only affects specific types of installations, such as multi-site setups or those where unfiltered_html has been disabled.

Users are strongly advised to update their Complianz plugin to version 6.5.6 or higher to mitigate the risk of exploitation. The plugin developers have addressed the vulnerability in the latest release, ensuring a more secure experience for website owners and their visitors.
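As an added example (not code from Complianz or Wordfence), the following Python check reads an on-disk WordPress install, compares the plugin's header version against 6.5.6, and reports whether the install matches the affected types described above. The plugin directory slug complianz-gdpr, the wp-config.php constants MULTISITE and DISALLOW_UNFILTERED_HTML as the markers for those install types, and the sample site are assumptions made for this illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 5, 6)  # first patched release named in the article

def header_version(php_text):
    """Version from a WordPress plugin header comment, as a tuple of ints."""
    m = re.search(r"^[ \t*]*Version:\s*(\d+(?:\.\d+)*)", php_text, re.M | re.I)
    return tuple(map(int, m.group(1).split("."))) if m else None

def defined_true(wp_config, name):
    """True if a define('NAME', true) line is present (// comments are skipped)."""
    pat = r"^\s*define\(\s*['\"]" + re.escape(name) + r"['\"]\s*,\s*true\s*\)"
    return re.search(pat, wp_config, re.M | re.I) is not None

def audit(site_root, slug="complianz-gdpr"):
    # slug is an assumption: pass the plugin's actual directory name if it differs
    root = Path(site_root)
    plugin_dir = root / "wp-content" / "plugins" / slug
    version = None
    for php in (sorted(plugin_dir.glob("*.php")) if plugin_dir.is_dir() else []):
        text = php.read_text(errors="replace")
        if "Plugin Name:" in text:  # main plugin file carries the header
            version = header_version(text)
            break
    cfg = root / "wp-config.php"
    cfg_text = cfg.read_text(errors="replace") if cfg.is_file() else ""
    multisite = defined_true(cfg_text, "MULTISITE")
    no_unfiltered = defined_true(cfg_text, "DISALLOW_UNFILTERED_HTML")
    outdated = version is not None and version < FIXED
    return {"version": version, "outdated": outdated,
            "multisite": multisite, "unfiltered_html_disabled": no_unfiltered,
            # affected install types per the article: multisite or unfiltered_html off
            "exposed": outdated and (multisite or no_unfiltered)}

def build_sample_site(root, version, config_lines):
    """Write a constructed (not real) site layout for the demo."""
    plugin = Path(root) / "wp-content" / "plugins" / "complianz-gdpr"
    plugin.mkdir(parents=True)
    (plugin / "plugin.php").write_text(
        "<?php\n/**\n * Plugin Name: Sample\n * Version: %s\n */\n" % version)
    (Path(root) / "wp-config.php").write_text("<?php\n" + "\n".join(config_lines) + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp, "6.5.5", ["define( 'DISALLOW_UNFILTERED_HTML', true );"])
        print(audit(tmp))
```

Versions are compared as integer tuples, so a release such as 6.10 is correctly treated as newer than 6.5.6.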

For more information on the vulnerability and the necessary steps to protect your website, you can refer to the Wordfence advisory.

Ensuring the security of your website and protecting the privacy of your visitors should always be a top priority, and staying informed about potential vulnerabilities like this one is essential in maintaining a safe online environment.