CVE-2024-3599

Name of the Vulnerable Software and Affected Versions WP Cookie Consent plugin for WordPress versions up to, and including, 3.0.2

Description The issue is related to a missing capability check on the gdpr policy process delete() function, which allows unauthorized loss of data. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Recommendations For WP Cookie Consent plugin for WordPress versions up to, and including, 3.0.2, update to a version higher than 3.0.2 to resolve the issue. As a temporary workaround, consider disabling the gdpr policy process delete() function until a patch is available.