Lucene search
PRIOn knowledge basePRION:CVE-2023-6700HistoryFeb 05, 2024 - 10:15 p.m.
Information disclosure
2024-02-0522:15:00
PRIOn knowledge base
www.prio-n.com
6
information disclosure
cookie information
wordpress
vulnerability
arbitrary option updates
gdpr
ajax request handler
authentication
attacker
subscriber-level access
site options
administrator accounts
nvd
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-gdpr-compliance | le | 2.0.22 |
Related
nvd
nvd
CVE-2023-6700
2024-02-05 22:15:56
githubexploit
githubexploit
Exploit for Missing Authorization in Cookieinformation Wp-Gdpr-Compliance
2024-01-30 10:32:54
wpvulndb
wpvulndb
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
2024-01-31 00:00:00
cvelist
cvelist
CVE-2023-6700
2024-02-05 21:21:41
cve
cve
CVE-2023-6700
2024-02-05 22:15:56
wpexploit
wpexploit
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
2024-01-31 00:00:00
