SQL Injection Vulnerability in WPLP Cookie Consent Plugin for WordPress
CVE-2026-12920

4.9 MEDIUM

What is CVE-2026-12920?

The WPLP Cookie Consent plugin for WordPress is susceptible to SQL Injection through the 's' parameter, allowing authenticated users with administrator-level access to manipulate SQL queries. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation of the SQL query itself. Attackers could exploit this weakness to inject additional SQL commands, potentially leading to the unauthorized retrieval of sensitive data from the database. It is crucial for WordPress administrators to be aware of this vulnerability and apply necessary updates to maintain site integrity.

Affected Version(s)

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent 0 <= 4.3.5

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM