EUVD-2024-17336

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Complianz plugin for WordPress is vulnerable to Cross-Site Request Forgery allowing data deletion.

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the process_delete function in the class-DNSMPD.php component of the GDPR/CCPA Cookie Consent plugin for WordPress’ content management system allows a hacker to perform a CSRF attack.	14 Mar 202400:00	–	bdu_fstec
Circl	CVE-2024-1592	2 Mar 202408:21	–	circl
CNNVD	WordPress Plugin Complianz Security Vulnerability	2 Mar 202400:00	–	cnnvd
CVE	CVE-2024-1592	2 Mar 202406:46	–	cve
Cvelist	CVE-2024-1592 Complianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request Deletion	2 Mar 202406:46	–	cvelist
NVD	CVE-2024-1592	2 Mar 202407:15	–	nvd
Patchstack	WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.5.6 is vulnerable to Cross Site Request Forgery (CSRF)	4 Mar 202400:00	–	patchstack
Prion	Cross site request forgery (csrf)	2 Mar 202407:15	–	prion
Positive Technologies	PT-2024-2071 · WordPress · The Complianz – Gdpr/Ccpa Cookie Consent	1 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1592	23 May 202508:22	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "8d907f5a-ceca-305f-9604-093eeb183ae4",
        "vendor": {
          "name": "rogierlankhorst"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1566dbd0-a9f9-33f0-8c9f-882db0133bfc",
        "product": {
          "name": "Complianz – GDPR/CCPA Cookie Consent"
        }
      },
      {
        "id": "61e239c5-6dc7-3b09-a7e9-e1b365c3f3fa",
        "product": {
          "name": "Complianz – GDPR/CCPA Cookie Consent"
        },
        "product_version": "* ≤6.5.6"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/6b524fc5-4beb-49f6-bafa-c788c6d1d78c
plugins	www.plugins.trac.wordpress.org/changeset

03 Oct 2025 20:07Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.14.3

EPSS0.00078

SSVC