PT-2026-20575 · WordPress · Gdpr Cookie Consent

Rafshanzani Suhada · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-11754

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GDPR Cookie Consent plugin for WordPress versions up to and including 4.1.2

Description

The plugin is susceptible to unauthorized data access because of a missing capability check on the /gdpr/v1/settings API endpoint. This allows unauthenticated attackers to retrieve sensitive plugin settings, including API tokens, email addresses, account IDs, and site keys.

Recommendations

Update the GDPR Cookie Consent plugin to a version later than 4.1.2.
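
A log-triage sketch for sites that ran an affected version, added here as an example (it is not code from this advisory or from the plugin). It assumes combined-format access logs and WordPress's standard /wp-json/ and ?rest_route= REST entry points; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/gdpr/v1/settings"  # endpoint named in the advisory

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:
        route = "/" + path.split("/wp-json/", 1)[1]
    else:
        # Sites without pretty permalinks use ?rest_route=/namespace/route
        values = parse_qs(parts.query).get("rest_route")
        if not values:
            return None
        route = values[0]
    # Normalise slashes and case so encoded or padded variants still match.
    return re.sub(r"/+", "/", route).rstrip("/").lower()

def triage(lines):
    """Map client IP -> {'served': n, 'other': n} for requests to ROUTE."""
    hits = defaultdict(lambda: {"served": 0, "other": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or rest_route(m["target"]) != ROUTE:
            continue
        # A 2xx status means the settings body was returned to the caller.
        key = "served" if m["status"].startswith("2") else "other"
        hits[m["ip"]][key] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '203.0.113.7 - - [20/Feb/2026:10:01:02 +0000] "GET /wp-json/gdpr/v1/settings HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [20/Feb/2026:10:01:09 +0000] "GET /?rest_route=%2Fgdpr%2Fv1%2Fsettings HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.4 - - [24/Feb/2026:08:15:40 +0000] "GET /wp-json/gdpr/v1/settings/ HTTP/1.1" 401 112 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [24/Feb/2026:08:16:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Access logs do not show whether a request carried an administrator session, so compare "served" hits against known admin addresses; served requests from anywhere else are a reason to rotate the tokens and keys listed in the description.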

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2025-11754

Affected Products

Gdpr Cookie Consent