WordPress Cross-Site-Scripting Vulnerability

I just got a notice that the plugin GDPR Cookie Consent has an XSS vulnerability in it. Just released today:

This entry was posted in Vulnerabilities, WordPress Security on February 11, 2020 by Matt Barry

Description: Improper Access Controls
Affected Plugin: GDPR Cookie Consent
Affected Versions: <= 1.8.2
CVSS Score: 9.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Patched Version: 1.8.3

If you are using this plugin, you will want to upgrade to version 1.8.3 immediately. If you want the details of the vulnerability and how it works, you can read the rest of the long post here:

or search it out on the WordFence blog.

Thanks for visiting. Share this information with your developer friends! 🙂

Why email passwords are not enough

Do you have security on your email account? How much…a good password maybe? It’s not enough. And here is why…

Your email account gives access to ANY other account you may hold. If someone can access your email account, they can ‘verify’ and get into ANY of your online accounts. Maybe you think people don’t try? Well, that would be a very bad mistake. Here is my account that someone has been trying to get into unsuccessfully for 24 hours now. It’s been unsuccessful because #1 I have 2-step verification on my Microsoft account. And #2, because I have 2-step verification on, you need another ‘special’ password to set up email, because the regular password won’t work in an email setup if you have 2-step security turned on.

If you look at the image, you will see the protocol they were trying to access was/is IMAP…which is email. When the request hit my phone today, I changed the password to make it even more difficult, now they have to start over if they want to continue…but somehow they got my email password, or I would have never got a request on my phone. So that should be proof to you that passwords alone are not enough.

There are certain accounts that need to be protected harder than other accounts…these are banking, hosting, and email accounts. Don’t take chances with them. You may never need it for 5 years…but if you have it in place and use it regularly…the 1 time you do need it, it will protect you.

Call Everything I.T. if you need help with security. We can help you.
