The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through 1.1.1.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions.

Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.

DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.

Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).