CVE-2021-36887

State: PUBLISHED · Published: 2021-12-20 · Updated: 2025-03-28 · Assigner: Patchstack

Description

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)
CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Tarteaucitron / tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) — v=<= 1.5.4 ≤1.5.4 [affected]

CVSS

3.1 score=6.1 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

References

https://wordpress.org/plugins/tarteaucitronjs/#developers x_refsource_CONFIRM
https://patchstack.com/database/vulnerability/tarteaucitronjs/wordpress-tarteaucitron-js-cookies-legislation-gdpr-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability-leading-to-cross-site-scripting-xss x_refsource_MISC

Source

cvelistV5-main/cves/2021/36xxx/CVE-2021-36887.json