CVE-2024-11724

Name of the Vulnerable Software and Affected Versions Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress versions up to, and including, 3.6.5

Description The issue concerns unauthorized modification of data due to a missing capability check on the wpl script save AJAX action. This allows authenticated attackers with Subscriber-level access and above to whitelist scripts.

Recommendations For versions up to, and including, 3.6.5, update to a version higher than 3.6.5 to resolve the issue. As a temporary workaround, consider restricting access to the wpl script save AJAX action to prevent unauthorized script whitelisting.