Lucene search
K

85 matches found

Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-12955 Cookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX Action

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42844

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
CVE
CVE
added 6 days ago6 views

CVE-2026-14475

The CVE-2026-14475 entry relates to the WordPress plugin “WPLP Cookie Consent” (GDPR/CCPA banner) with a SQL Injection vulnerability via the scan_id parameter in all versions up to 4.3.6. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the exis...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
Patchstack
Patchstack
added last week4 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/03 2:16 a.m.7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 1:28 a.m.20 views

CVE-2026-12920

The vulnerability affects the WordPress plugin GDPR Cookie Consent (WPLP Cookie Consent) for all versions up to and including 4.3.5. It is a generic SQL Injection via the 's' parameter caused by insufficient escaping and lack of proper SQL query preparation. Validated impact: authenticated attack...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.39 views

CVE-2026-12920 Cookie Banner for GDPR / CCPA <= 4.3.5 - Authenticated (Administrator+) SQL Injection via 's' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55443

Name of the Vulnerable Software and Affected Versions Cookie Banner for GDPR / CCPA – WPLP Cookie Consent versions prior to 4.3.6 Description This issue is a generic SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the...

4.9CVSS6AI score0.00301EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.9 views

CVE-2026-22809

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...

4.4CVSS6.8AI score0.00107EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 8:16 p.m.6 views

CVE-2026-22809

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...

4.4CVSS0.00107EPSS
Exploits0References2
CVE
CVE
added 2026/01/13 7:36 p.m.20 views

CVE-2026-22809

tarteaucitron.js has a ReDoS vulnerability in the handling of the issuu_id parameter, fixed in version 1.29.0. Prior to 1.29.0, insufficiently constrained regex could cause excessive backtracking and CPU consumption. Upgrading to 1.29.0 or applying the mitigation described in public advisories is...

4.4CVSS6.4AI score0.00107EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/13 7:36 p.m.7 views

CVE-2026-22809 tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...

4.4CVSS6.7AI score0.00107EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0445

The WordPress Real Cookie Banner: GDPR DSGVO & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack...

6.5CVSS6.7AI score0.00523EPSS
Exploits2References1
NVD
NVD
added 2025/12/17 7:15 a.m.4 views

CVE-2025-14061

The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdprdeletepolicydata function in all versions up to, and...

5.3CVSS0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/25 9:33 a.m.19 views

CVE-2025-12136

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

6.8CVSS5.8AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/25 12:0 a.m.6 views

WordPress plugin Real Cookie Banner 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

6.8CVSS6.7AI score0.00358EPSS
Exploits0References8
NVD
NVD
added 2025/10/24 10:15 a.m.8 views

CVE-2025-12136

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

6.8CVSS0.00358EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/24 9:23 a.m.14 views

CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

6.8CVSS0.00358EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/10/24 9:23 a.m.7 views

CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

6.8CVSS5.4AI score0.00358EPSS
Exploits0References7
Rows per page
Query Builder