Security flaw in the popular WordPress Complianz plugin: analysis and conclusions
Complianz is a WordPress plugin used by more than 800,000 installations. Its main function is to help website owners comply with the provisions of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The plugin manages various aspects of user privacy, including blocking third-party cookies, managing cookie consent (including by sub-region), and managing various aspects related to cookie banners.
"This plugin was found to have an XSS vulnerability that allows a user to upload malicious scripts directly to a website's server. Unlike displayed XSS, which requires a website user to click on a link, stored XSS involves malicious script stored and served from the target website's server."
The flaw is in the Complianz admin settings and comes down to two missing security controls. First, input and output data were not sufficiently sanitized. Second, output escaping was missing; this is the security process that removes unwanted data before it is displayed to the user.
As it turns out, this flaw is of medium severity because it requires an attacker to hold administrator-level permissions or higher to perform the attack. This may be the reason why it scored 4.4 out of a possible 10, where ten represents the highest severity.
The flaw only affects certain types of installations. According to Wordfence: "This makes it possible for authenticated attackers with administrator permissions and above to inject arbitrary web scripts into pages that will be executed whenever a user accesses an infected page. This only applies to multisite installations and installations where unfiltered_html has been disabled."
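The two missing controls, and why the unfiltered_html condition matters, shown as an added example (this is not Complianz's code and does not come from the original article). The option name, nonce action and `demo_*` function names are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added example: hypothetical plugin code, not taken from Complianz.
// Option name, nonce action and function names are invented for illustration.

// BEFORE: the pattern the article describes. The value is stored as
// submitted and printed as-is, so markup saved through the settings
// screen runs in the browser of whoever loads the page.
function demo_save_banner_text_unsafe() {
    update_option( 'demo_banner_text', $_POST['demo_banner_text'] );
}
function demo_render_banner_unsafe() {
    echo '<p class="demo-banner">' . get_option( 'demo_banner_text' ) . '</p>';
}

// AFTER: verify the request, sanitize on input, escape on output.
function demo_save_banner_text() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'demo_save_banner' ); // nonce sent by the settings form

    $raw = isset( $_POST['demo_banner_text'] )
        ? wp_unslash( $_POST['demo_banner_text'] )
        : '';

    // Plain-text setting: strip tags and stray whitespace before storing.
    update_option( 'demo_banner_text', sanitize_text_field( $raw ) );
}
function demo_render_banner() {
    // Escape at the point of output even though the value was sanitized
    // on save: rows written by an older version may still hold raw markup.
    echo '<p class="demo-banner">'
        . esc_html( get_option( 'demo_banner_text', '' ) )
        . '</p>';
}

// Where limited HTML is a feature, gate it on the capability instead.
// Site administrators on multisite, and all users on sites that define
// DISALLOW_UNFILTERED_HTML, do not hold unfiltered_html, so their input
// must pass through KSES like any other restricted user's.
function demo_sanitize_banner_html( $raw ) {
    return current_user_can( 'unfiltered_html' ) ? $raw : wp_kses_post( $raw );
}
```

The capability check in the last function is the reason the advisory is scoped to multisite and to installations where unfiltered_html has been disabled: those are the cases where an administrator is not supposed to be able to store script, and unsanitized plugin settings let them do so anyway.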
"The flaw affects Complianz versions equal to or lower than version 6.5.5. Users are advised to upgrade to version 6.5.6 or higher."
Q: Which plugins are vulnerable to this flaw?
A: This flaw affects WordPress Complianz plugin version 6.5.5 or lower.
Q: How can I fix this bug?
A: To fix this bug, you need to update the Complianz plugin to version 6.5.6 or higher.
Q: Is this defect serious?
A: This flaw is considered to be of medium severity because it would require an attacker to obtain administrative privileges or higher to exploit it.
This article was generated using AI based on the cited material, then edited and manually checked by the author for accuracy and usefulness.
https://www.searchenginejournal.com/complianz-wordpress-plugin-vulnerability/504992/