The WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin for WordPress has a vulnerability that affects versions up to and including 2.2.5. This security issue allows someone with administrator privileges to embed malicious code into files that they export as CSV files. If a person downloads and opens one of these CSV files on a local system that is not configured securely, the malicious code can be executed.