High severity7.5NVD Advisory· Published Feb 19, 2026· Updated Apr 15, 2026
CVE-2025-11754
CVE-2025-11754
Description
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=4.1.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.