SQL Injection Vulnerability in WPLP Cookie Consent Plugin for WordPress
CVE-2026-14475

4.9MEDIUM

What is CVE-2026-14475?

The WPLP Cookie Consent plugin for WordPress is susceptible to a generic SQL Injection vulnerability, which is triggered through the 'scan_id' parameter. This vulnerability arises from inadequate escaping of user input and insufficient preparation within the SQL query structure. It allows authenticated users with administrator-level access to inject additional SQL queries into existing ones, potentially leading to unauthorized access and extraction of sensitive database information. Users should update their plugins to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent 0 <= 4.3.6

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.