Authorization Bypass Vulnerability in GDPR Cookie Compliance Plugin for WordPress
CVE-2019-25143

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Gdpr Cookie Compliance (ccpa, Dsgvo, Cookie Consent)
Vendor: CVE Published:; 7 June 2023

What is CVE-2019-25143?

The GDPR Cookie Compliance plugin for WordPress is susceptible to an authorization bypass vulnerability due to a lack of capability checks on the gdpr_cookie_compliance_reset_settings AJAX action. This weakness, present in versions up to and including 4.0.2, allows authenticated attackers to effortlessly reset all plugin settings, potentially leading to unauthorized configuration alterations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) * <= 4.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-gdpr-cookie-complia...

https://www.acunetix.com/vulnerabilities/web/wordpress-pl...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet

JSON

Wordpress

What is CVE-2019-25143?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.