21 matches found
CVE-2026-24604
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple GDPR Cookie Compliance: from n/a through = 2.0.0...
WordPress plugin Simple GDPR Cookie Compliance has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2025-6563
Malicious code in bioql PyPI...
PT-2025-11382 · WordPress · Gdpr Cookie Compliance
Name of the Vulnerable Software and Affected Versions: GDPR Cookie Compliance WordPress plugin versions prior to 4.15.7. Description: The issue concerns the GDPR Cookie Compliance WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege...
WordPress plugin GDPR Cookie Compliance security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions < 4.15.7...
PT-2023-19121 · Wpekaclub · Wpekaclub Wp Cookie Consent
Name of the Vulnerable Software and Affected Versions: WPEkaClub WP Cookie Consent for GDPR, CCPA & ePrivacy versions through 2.2.5. Description: The issue is related to improper neutralization of formula elements in a CSV file. This affects the WP Cookie Consent plugin for GDPR, CCPA, and ePrivac...
WordPress GDPR Cookie Compliance Plugin < 4.12.5 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mooveagency:gdprcookiecompliance"; ifdescription...
CVE-2023-4013
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks...
Cross-site request forgery (CSRF)
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks...
CVE-2023-4013
CVE-2023-4013 affects the GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin prior to version 4.12.5. The vulnerability is a CSRF issue in license management that could allow an attacker with no special privileges to cause a logged-in admin to update or deactivate the plugin’s ...
CVE-2023-4013 GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks...
PT-2023-27282 · WordPress · Gdpr Cookie Compliance
Name of the Vulnerable Software and Affected Versions: GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin versions prior to 4.12.5. Description: The issue is related to a lack of proper CSRF checks when managing the plugin's license. This could allow attackers to make logged-in...
GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF
Description: The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks. Make a logged in admin open a page with the code below. To make them deactivate the license. To make th...
DRUPAL-CONTRIB-2023-021
CivicCookieControl is a module that can help make a website compliant with EU and UK cookie legislation. The Civic GovUK Cookie Control module does not sufficiently sanitize the configuration, resulting in a Cross-Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that t...
Authorization
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings...
CVE-2019-25143
The CVE-2019-25143 entry concerns the WordPress GDPR Cookie Compliance plugin. Affected component: gdpr_cookie_compliance_reset_settings AJAX action. Root cause: missing capability check, allowing an authorization bypass. Versions up to and including 4.0.2 are affected. Impact: authenticated atta...
CVE-2019-25143 GDPR Cookie Compliance <= 4.0.2 - Missing Authorization
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings...
WordPress GDPR Cookie Compliance plugin <= 4.0.2 - Authenticated Settings Reset vulnerability
Authenticated Settings Reset vulnerability found by Jerome Bruandet in WordPress GDPR Cookie Compliance plugin versions <= 4.0.2. Solution: Update the WordPress GDPR Cookie Compliance plugin to the latest available version (at least 4.0.3)...
GDPR Cookie Compliance <= 4.0.2 - Authenticated Settings Reset
The gdpr_cookie_compliance_reset_settings AJAX action registered for authenticated users lacks authorisation and CSRF checks, allowing unauthorised authenticated users to call it, which would result in the settings being reset...