Vulnerabilities and security researches forcookiebot cookiebot

Feb 27, 2026

CVE, Research URL: CVE-2026-25407
Home page URL: Security reports for Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Application: Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
Affected versions: max 4.6.4.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-53197
Home page URL: Security reports for Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Application: Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Date: Jun 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8.
Affected versions: max 4.5.9.
Status: vulnerable

Mar 06, 2025

CVE, Research URL: CVE-2025-1666
Home page URL: Security reports for Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Application: Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Date: Mar 06, 2025
Research Description: The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website.
Affected versions: max 4.4.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 6082e79a28c37bc70662b5ec82c1fb8eccc2fbc4
Home page URL: Security reports for Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Application: Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Date: Sep 09, 2020
Research Description: Usercentrics Cookiebot – Cookie Banner & Privacy Compliance for GDPR/CCPA/Google Consent Mode [cookiebot] < 3.6.1 WordPress Cookiebot plugin <= 3.6.0 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability found by Antony Garand (Sucuri) in WordPress Cookiebot plugin (versions <= 3.6.0).
Affected versions: max 3.6.1.
Status: vulnerable