NIXPKGS-2026-0011

published on 13 Jan 2026

CVE-2025-67554

updated 1 week, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 1 week, 6 days ago
@LeSuisse accepted as draft 1 week, 1 day ago
@LeSuisse published on GitHub 1 week, 1 day ago

WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS.This issue affects Cookie Notice & Compliance for GDPR / CCPA: from n/a through <= 2.5.8.

Affected products

cookie-notice

=<<= 2.5.8

Matching in nixpkgs

pkgs.wordpressPackages.plugins.cookie-notice

nixos-unstable 2.5.6
- nixpkgs-unstable 2.5.6
- nixos-unstable-small 2.5.6
nixos-25.11 2.5.6
- nixos-25.11-small 2.5.6
- nixpkgs-25.11-darwin 2.5.6
nixos-25.05 2.5.6
- nixos-25.05-small 2.5.6
- nixpkgs-25.05-darwin 2.5.6

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0011

Affected products

Matching in nixpkgs

pkgs.wordpressPackages.plugins.cookie-notice