Vulnerabilities and security researches forgdpr-cookie-consent gdpr-cookie-consent
Direction: descendingJan 10, 2026
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2025-66133
- CVE, Research URL
- Date
- Dec 16, 2025
- Research Description
- Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.
- Affected versions
-
max 4.0.7.
- Status
-
vulnerable
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2025-14061
- CVE, Research URL
- Date
- Dec 17, 2025
- Research Description
- The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdpr_delete_policy_data function in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, attachments, and other post types by ID.
- Affected versions
-
max 4.0.8.
- Status
-
vulnerable
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2025-66080
- CVE, Research URL
- Date
- Dec 30, 2025
- Research Description
- Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 4.0.3.
- Affected versions
-
max 4.0.3.
- Status
-
vulnerable
Dec 11, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2025-66075
- CVE, Research URL
- Date
- Nov 21, 2025
- Research Description
- Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
- Affected versions
-
max 4.0.3.
- Status
-
vulnerable
Jun 15, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2025-49285
- CVE, Research URL
- Date
- Jun 06, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0.
- Affected versions
-
max 3.8.1.
- Status
-
vulnerable
May 07, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2024-3599
- CVE, Research URL
- Date
- May 02, 2024
- Research Description
- The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.
- Affected versions
-
max 3.1.0.
- Status
-
vulnerable
Dec 13, 2024
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2024-11724
- CVE, Research URL
- Date
- Dec 12, 2024
- Research Description
- The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts.
- Affected versions
-
max 3.6.6.
- Status
-
vulnerable
Jun 27, 2024
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2024-4869
- CVE, Research URL
- Date
- Jun 26, 2024
- Research Description
- The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min 1.0, max 3.3.0.
- Status
-
vulnerable
Jun 07, 2024
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # 6d8910c719b2a132ec93828cd37e418b19cac960
- CVE, Research URL
- Date
- Mar 04, 2022
- Research Description
- Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent [gdpr-cookie-consent] < 2.1.1 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 2.1.1.
- Status
-
vulnerable
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) # CVE-2023-23678
- CVE, Research URL
- Date
- Nov 07, 2023
- Research Description
- Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.
- Affected versions
-
max 2.2.6.
- Status
-
vulnerable