CVE-2019-25143: WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2) - Vulnerabilities

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.

Description

WordPress Plugin GDPR Cookie Compliance is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently delete the plugin's settings. WordPress Plugin GDPR Cookie Compliance version 4.0.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.0.3 or the latest version.
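
Where the update has to wait, the missing capability check can be enforced from outside the plugin. The must-use plugin below is an added example, not code from the GDPR Cookie Compliance plugin or its fix. It assumes that resetting the settings should require the `manage_options` capability; the function name and log message are hypothetical.

```php
<?php
/**
 * Plugin Name: Guard for gdpr_cookie_compliance_reset_settings (added example)
 * Description: Rejects the settings-reset AJAX action for non-administrators.
 *
 * Assumption: the file is placed in wp-content/mu-plugins/ so that it loads
 * on every request, independently of the vulnerable plugin.
 */

// WordPress fires wp_ajax_{action} for authenticated requests to
// admin-ajax.php, which is the path described in the advisory.
add_action(
	'wp_ajax_gdpr_cookie_compliance_reset_settings',
	'example_guard_gdpr_reset_settings', // hypothetical function name
	PHP_INT_MIN                          // run before any other handler on this hook
);

function example_guard_gdpr_reset_settings() {
	// Assumption: only users who can manage site options may reset settings.
	if ( current_user_can( 'manage_options' ) ) {
		return; // authorized: fall through to the plugin's own handler
	}

	// Record the rejected request so it can be reviewed later.
	error_log(
		sprintf(
			'Blocked gdpr_cookie_compliance_reset_settings for user ID %d from %s',
			get_current_user_id(),
			isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown address'
		)
	);

	// Sends a JSON error with HTTP 403 and ends the request, so the
	// plugin's handler never runs for this user.
	wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
```

The guard only restores the capability check; it can be removed once the plugin is at 4.0.3 or later.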

References

https://blog.nintechnet.com/wordpress-gdpr-cookie-compliance-plugin-fixed-authenticated-settings-deletion-vulnerability/

https://plugins.svn.wordpress.org/gdpr-cookie-compliance/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Facebook-this Spam Links Injection (2.5)

WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.20.0)

WordPress 3.7.3 Multiple Vulnerabilities (3.7 - 3.7.3)

WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Security Bypass (0.10.1)

WordPress Plugin Fudousan Cross-Site Scripting (5.7.0)
