Authorization Bypass Vulnerability in GDPR Cookie Compliance Plugin for WordPress
CVE-2019-25143

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Gdpr Cookie Compliance (ccpa, Dsgvo, Cookie Consent)
Vendor: CVE Published:; 7 June 2023

Summary

The GDPR Cookie Compliance plugin for WordPress is susceptible to an authorization bypass vulnerability due to a lack of capability checks on the gdpr_cookie_compliance_reset_settings AJAX action. This weakness, present in versions up to and including 4.0.2, allows authenticated attackers to effortlessly reset all plugin settings, potentially leading to unauthorized configuration alterations.

Affected Version(s)

GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) * <= 4.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-gdpr-cookie-complia...

https://www.acunetix.com/vulnerabilities/web/wordpress-pl...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet