Gdpr Cookie Consent

Source repositories

https://plugins.svn.wordpress.org/gdpr-cookie-consent/

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-11754	WordPress Gdpr Cookie Consent	Hig	0.49	7.5	Feb 19, 2026	The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.
CVE-2025-66080	WordPress Gdpr Cookie Consent	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-66133	WordPress Gdpr Cookie Consent	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.
CVE-2025-49285	WordPress Gdpr Cookie Consent	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Cross Site Request Forgery.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 3.8.0.

CVE-2025-11754HigFeb 19, 2026
WordPress
Gdpr Cookie Consent
risk 0.49cvss 7.5epss 0.00
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.
CVE-2025-66080MedDec 30, 2025
WordPress
Gdpr Cookie Consent
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-66133MedDec 16, 2025
WordPress
Gdpr Cookie Consent
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.
CVE-2025-49285MedJun 6, 2025
WordPress
Gdpr Cookie Consent
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Cross Site Request Forgery.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 3.8.0.