Vulnerabilities

CVE-2024-3599

by Fred · 02/05/2024

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

More information : https://plugins.trac.wordpress.org/changeset/3071278/gdpr-cookie-consent/tags/3.1.0/admin/class-gdpr-cookie-consent-admin.php

Similar

Tags: Cybersecurity Alert