Medium severity5.3NVD Advisory· Published May 2, 2024· Updated Apr 8, 2026

CVE-2024-3599

Description

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Affected products

Wpeka/Wp Cookie Consent
cpe:2.3:a:wpeka:wp_cookie_consent:*:*:*:*:-:wordpress:*:*
Range: <3.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3071278/gdpr-cookie-consent/tags/3.1.0/admin/class-gdpr-cookie-consent-admin.phpnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000