PT-2023-11370 · WordPress · Gdpr Cookie Compliance
Jerome Bruandet
·
Publicado
2023-06-07
·
Atualizado
2023-06-13
·
CVE-2019-25143
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
GDPR Cookie Compliance plugin for WordPress versions up to, and including, 4.0.2
Description
The issue is related to a missing capability check on the
gdpr cookie compliance reset settings AJAX action, which allows authenticated attackers to reset all settings.Recommendations
For GDPR Cookie Compliance plugin for WordPress versions up to, and including, 4.0.2, update to a version higher than 4.0.2 to resolve the issue.
Exploit
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gdpr Cookie Compliance