CVE-2018-10310

MEDIUM

Catapult UK Cookie Consent <2.3.10 - XSS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10310. PoCs published by B0UG.

AI-analyzed exploit summary: This is a writeup describing a persistent XSS vulnerability in the UK Cookie Consent WordPress plugin v2.3.9. The vulnerability allows arbitrary script execution via the page title field, which is then rendered in the plugin's settings interface.

Description

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.

Exploits (1)

exploitdb WRITEUP
by B0UG · text · webapps · php
https://www.exploit-db.com/exploits/44503

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: UK Cookie Consent WordPress plugin v2.3.9
Auth required
Prerequisites: Access to WordPress admin panel · UK Cookie Consent plugin v2.3.9 or older installed
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44503/
Product, Release Notes x_refsource_misc
https://wordpress.org/plugins/uk-cookie-consent/#developers

Scores

CVSS v3: 5.4
EPSS: 0.0389
EPSS Percentile: 88.9%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): catapultthemes/cookie_consent < 2.3.10
Published: Apr 25, 2018
Tracked Since: Feb 18, 2026