A critical Cross-Site Scripting (XSS) vulnerability has been identified in the Protección de Datos RGPD plugin. It could allow a malicious actor to inject malicious scripts into the website, which would then run in the browsers of visitors to the site.

LEE SE HYOUNG (hackintoanetwork) discovered and reported this vulnerability.

The vulnerability is caused by a flaw in the way the Protección de Datos RGPD plugin handles user input. This flaw allows a malicious actor to inject arbitrary script code into the website’s output, which then runs in the browsers of visitors to the site.

Severity

The vulnerability has a CVSS 3.1 score of 7.1, which is considered high severity. This means that the vulnerability is relatively easy to exploit and could have a significant impact on a website.

Affected Versions

All versions of the Protección de Datos RGPD plugin

Impact

If a malicious actor is able to exploit this vulnerability, the injected scripts run in the browsers of visitors to the site, which could lead to a variety of problems, such as:

  • Redirecting visitors to malicious websites
  • Injecting advertisements into the website
  • Stealing cookies or other sensitive information from visitors

Recommendation

Disable the Protección de Datos RGPD plugin immediately. If you are still using this plugin, it is important to switch to a more secure alternative.