CVE-2025-1622
GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSSThe GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 26,074 live websites that are affected by CVE-2025-1622.
Affected Software
| Product |  GDPR Cookie Compliance |
| Category | Cookie compliance |
| Vulnerable Domains | 26,074 live websites (73% of GDPR Cookie Compliance install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 152 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Mar 16, 2025
- Updated - Mar 17, 2025
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-1622 United States | 2,045 websites |
 Spain | 4,558 websites |
 Germany | 3,973 websites |
 Italy | 2,346 websites |
 France | 1,676 websites |
 Poland | 1,276 websites |
 GB | 1,173 websites |
 Hungary | 1,111 websites |
 Romania | 911 websites |
 Brazil | 708 websites |
Website Distribution by TLD
Number of websites using CVE-2025-1622| .com | 8,119 websites |
| .de | 2,420 websites |
| .es | 1,979 websites |
| .it | 1,590 websites |
| .pl | 983 websites |
| .co.uk | 786 websites |
| .com.br | 673 websites |
| .org | 561 websites |
| .fr | 512 websites |
| .net | 432 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-1622
Top websites that are affected by CVE-2025-1622. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.**.uk | United States | **,*** | |
| *******.co |  Serbia | **,*** | |
| ****************.ai | United States | **,*** | |
| *******.app | United States | **,*** | |
| *****.es | Spain | **,*** | |
| *******.com | GB | **,*** | |
| **********.com | United States | **,*** | |
| **************************.pt |  Portugal | **,*** | |
| ***********.com | United States | **,*** | |
| *****.com | United States | **,*** |
FAQ
CVE-2025-1622 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GDPR Cookie Compliance
A total of 26,074 websites have been identified as vulnerable to CVE-2025-1622, based on global website indexing conducted by WebTechSurvey.
The GDPR Cookie Compliance is affected by the CVE-2025-1622 vulnerability.
GDPR Cookie Compliance versions up to 4.15.7 are vulnerable to CVE-2025-1622.
CVE-2025-1622 is resolved in version 4.15.7 of GDPR Cookie Compliance.