Vulnerabilities and security researches forgdpr-cookie-consent gdpr-cookie-consent

Jun 07, 2024

CVE, Research URL: 6d8910c719b2a132ec93828cd37e418b19cac960
Home page URL: Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Application: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Date: Mar 04, 2022
Research Description: Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent [gdpr-cookie-consent] < 2.1.1 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-23678
Home page URL: Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Application: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Date: Nov 07, 2023
Research Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.
Affected versions: Min -, max -.
Status: vulnerable

Jun 27, 2024

CVE, Research URL: CVE-2024-4869
Home page URL: Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Application: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Date: Jun 26, 2024
Research Description: The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Dec 13, 2024

CVE, Research URL: CVE-2024-11724
Home page URL: Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Application: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Date: Dec 12, 2024
Research Description: The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts.
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2024-3599
Home page URL: Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Application: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Date: May 02, 2024
Research Description: The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Affected versions: Min -, max -.
Status: vulnerable