Lucene search
K

4 matches found

NVD
NVD
added 2026/04/29 9:16 a.m.8 views

CVE-2026-4019

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS0.00276EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/29 8:27 a.m.49 views

CVE-2026-4019 Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS0.00276EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/29 8:27 a.m.2 views

CVE-2026-4019 Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References6
CVE
CVE
added 2026/04/29 8:27 a.m.21 views

CVE-2026-4019

The CVE-2026-4019 vulnerability affects the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (versions up to and including 7.4.5). The REST endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} uses a permissive permission_callback (__return_true), enabling unauthenticated request...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References6
Rows per page
Query Builder