SQL Injection Vulnerability in WPLP Cookie Consent Plugin for WordPress
CVE-2026-14475
4.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-14475?
The WPLP Cookie Consent plugin for WordPress is susceptible to a generic SQL Injection vulnerability, which is triggered through the 'scan_id' parameter. This vulnerability arises from inadequate escaping of user input and insufficient preparation within the SQL query structure. It allows authenticated users with administrator-level access to inject additional SQL queries into existing ones, potentially leading to unauthorized access and extraction of sensitive database information. Users should update their plugins to mitigate the risks associated with this vulnerability.
Affected Version(s)
Cookie Banner for GDPR / CCPA β WPLP Cookie Consent 0 <= 4.3.6