CVE-2023-3388 HIGH

CVE-2023-3388: Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting

Vendor Nikelschubert

Product Beautiful Cookie Consent Banner

Weakness CWE-79 · XSS

Published June 24, 2023

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.

Key dates

02Disclosure timeline

June 24, 2023 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3388

Related vulnerabilities

04Related CVE

CVE-2024-44027 WordPress Gum Elementor Addon plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability CVE-2025-0829 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x CVE-2022-43754 SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do CVE-2026-25490 Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation CVE-2025-58237 WordPress LC Wizard plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability