Medium severity5.3NVD Advisory· Published Dec 17, 2025· Updated Apr 15, 2026
CVE-2025-14061
CVE-2025-14061
Description
The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdpr_delete_policy_data function in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, attachments, and other post types by ID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=4.0.7
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.0.6/admin/class-gdpr-cookie-consent-admin.phpnvd
- plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.0.6/admin/class-gdpr-cookie-consent-admin.phpnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/866b4ca8-563f-4a19-bbf7-79a79f07d53dnvd
News mentions
0No linked articles in our index yet.