Access Control Flaws in WP Cookie Notice for GDPR by WP Legal Pages
CVE-2025-66133

Currently unrated

Key Information:

Vendor

WordPress
Status
WP Cookie Notice For Gdpr, Ccpa & Eprivacy Consent
Vendor
CVE Published:
16 December 2025

What is CVE-2025-66133?

A significant security concern exists within the WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin due to missing authorization checks. This vulnerability allows unauthorized users to manipulate security controls, potentially leading to exposure of sensitive information or improper access to restricted functionalities. It affects versions of this plugin up to and including 4.0.7, posing a risk to websites that have not implemented appropriate access control measures.

Affected Version(s)

WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/gdpr...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66133 : Access Control Flaws in WP Cookie Notice for GDPR by WP Legal Pages