SQL Injection Vulnerability in WPLP Cookie Consent Plugin for WordPress
CVE-2026-12920
4.9 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 3 July 2026
What is CVE-2026-12920?
The WPLP Cookie Consent plugin for WordPress is susceptible to SQL Injection through the 's' parameter, allowing authenticated users with administrator-level access to manipulate SQL queries. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation of the SQL query itself. Attackers could exploit this weakness to inject additional SQL commands, potentially leading to the unauthorized retrieval of sensitive data from the database. It is crucial for WordPress administrators to be aware of this vulnerability and apply necessary updates to maintain site integrity.
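The class of flaw described above, shown as an added example that is not code from the WPLP Cookie Consent plugin: an admin-side search handler that builds its query from the 's' parameter, first without preparation and then with it. The function names, the `example_consent_logs` table and its columns are hypothetical; only the WordPress core calls (`$wpdb->prepare()`, `$wpdb->esc_like()`, `sanitize_text_field()`, `wp_unslash()`) are real APIs.

```php
<?php
// Added illustration; not the plugin's code. Hypothetical names:
// example_search_logs_*(), the example_consent_logs table and its columns.

// Vulnerable pattern: sanitize_text_field() strips tags and control
// characters but does not escape SQL metacharacters, and wp_unslash()
// removes the slashes WordPress adds to request data. The value is then
// concatenated into the statement and becomes part of the SQL text.
function example_search_logs_unprepared() {
    global $wpdb;
    $search = isset( $_GET['s'] )
        ? sanitize_text_field( wp_unslash( $_GET['s'] ) )
        : '';
    $table = $wpdb->prefix . 'example_consent_logs';
    return $wpdb->get_results(
        "SELECT * FROM {$table} WHERE ip_address LIKE '%{$search}%'"
    );
}

// Hardened pattern: the search term is bound through a placeholder, so it
// stays data no matter what characters it contains.
function example_search_logs_prepared() {
    global $wpdb;
    $search = isset( $_GET['s'] )
        ? sanitize_text_field( wp_unslash( $_GET['s'] ) )
        : '';
    $table = $wpdb->prefix . 'example_consent_logs';
    // esc_like() only neutralizes the LIKE wildcards % and _;
    // the SQL escaping itself is done by prepare().
    $like = '%' . $wpdb->esc_like( $search ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, ip_address, created_at FROM {$table}
             WHERE ip_address LIKE %s
             ORDER BY created_at DESC
             LIMIT %d",
            $like,
            50 // fixed page size, bound as an integer
        )
    );
}
```

The table name is interpolated in both versions because `prepare()` placeholders bind values, not identifiers; it is safe here only because it is built from `$wpdb->prefix` and a constant, never from request data.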
Affected Version(s)
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent 0 <= 4.3.5