CVE-2023-51404 MEDIUM

CVE-2023-51404: WordPress My Agile Privacy Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Vendor Myagileprivacy
Product My Agile Privacy – The only GDPR solution for WordPress that you can truly trust
Weakness CWE-79 · XSS
Published February 10, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.

Key dates

02Disclosure timeline

February 10, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-3565 Cross-site Scripting (XSS) - Generic in nilsteampassnet/teampass CVE-2023-41871 WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-22268 WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.1 - Cross Site Scripting (XSS) vulnerability CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name CVE-2023-0015 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)