SQL Injection Vulnerability in WeePie Cookie Allow Plugin for WordPress
CVE-2026-4304

7.5HIGH

Key Information:

Vendor: WordPress
Status: Weepie Cookie Allow
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-4304?

The WeePie Cookie Allow plugin for WordPress is susceptible to SQL Injection vulnerabilities via the 'consent' parameter. Due to insufficient escaping of user-supplied data and inadequate preparation of SQL queries, attackers may exploit this vulnerability to inject additional SQL commands. Unauthenticated users can leverage this flaw to access sensitive information, putting the integrity of the site's database at risk.

Affected Version(s)

WeePie Cookie Allow 0 <= 3.4.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/weepie-cookie-allow-easy-comp...

https://weepie-plugins.com/changelog-weepie-cookie-allow-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
Mar 16, 2026

Credit

Ren Voza

CVE-2026-4304 Data

JSON