CVE-2018-10371

MEDIUM

wunderfarm WF Cookie Consent 1.1.3 - Stored Cross-Site Scripting via Page Title

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10371. PoCs published by B0UG.

AI-analyzed exploit summary This is a writeup describing an authenticated persistent XSS vulnerability in the WF Cookie Consent WordPress plugin. The PoC outlines steps to inject malicious scripts via the page title field, which executes when accessing the plugin settings.

Description

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.

Exploits (1)

exploitdb WRITEUP
by B0UG · textwebappsphp
https://www.exploit-db.com/exploits/44585

This is a writeup describing an authenticated persistent XSS vulnerability in the WF Cookie Consent WordPress plugin. The PoC outlines steps to inject malicious scripts via the page title field, which executes when accessing the plugin settings.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WF Cookie Consent WordPress plugin version 1.1.3
Auth required
Prerequisites: WordPress admin access · WF Cookie Consent plugin installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9080
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/wf-cookie-consent/#developers
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44585/
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/B0UG/8615df3fe83a4deca07334af783696d6

Scores

CVSS v3 6.1
EPSS 0.0641
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
wunderfarm/wf_cookie_consent 1.1.3
Published May 01, 2018
Tracked Since Feb 18, 2026