PT-2026-20575 · WordPress · Gdpr Cookie Consent

Rafshanzani Suhada · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-11754

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GDPR Cookie Consent plugin for WordPress versions up to and including 4.1.2

Description

The plugin is susceptible to unauthorized data access because of a missing capability check on the /gdpr/v1/settings API endpoint. This allows unauthenticated attackers to retrieve sensitive plugin settings, including API tokens, email addresses, account IDs, and site keys.

Recommendations

Update the GDPR Cookie Consent plugin to a version later than 4.1.2.
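
The missing capability check named in the description, shown beside the check that closes it, as an added example that is not the plugin's source code. The `example-open/v1` and `example-checked/v1` namespaces, the `example_get_settings` and `example_require_admin` functions, the `example_plugin_settings` option and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added illustration, not the GDPR Cookie Consent plugin's code.
// Namespaces, function names, option name and capability are hypothetical.

add_action( 'rest_api_init', function () {

    // Missing authorization: the permission callback always returns true,
    // so WordPress runs the handler for every request, logged in or not.
    register_rest_route( 'example-open/v1', '/settings', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_settings',
        'permission_callback' => '__return_true',
    ) );

    // Same handler behind a capability check: WordPress evaluates the
    // permission callback first and never calls the handler if it fails.
    register_rest_route( 'example-checked/v1', '/settings', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_settings',
        'permission_callback' => 'example_require_admin',
    ) );
} );

// Allow only users who may manage site options (assumed capability).
function example_require_admin( WP_REST_Request $request ) {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    // rest_authorization_required_code() yields 401 for anonymous
    // requests and 403 for logged-in users without the capability.
    return new WP_Error(
        'rest_forbidden',
        'You are not allowed to read these settings.',
        array( 'status' => rest_authorization_required_code() )
    );
}

// Handler that returns stored settings; such data can include tokens
// and keys, which is why the route must not be publicly readable.
function example_get_settings( WP_REST_Request $request ) {
    $settings = (array) get_option( 'example_plugin_settings', array() );
    return rest_ensure_response( $settings );
}
```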

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2025-11754

Affected Products

Gdpr Cookie Consent