cleantalk
Vulnerabilities and Security Researches

WP Cookie Consent ( for GDPR, CCPA & ePrivacy ), CVE-2024-3599

CVE, Research URL

CVE-2024-3599

Home page URL

Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

Application

WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

Published on
May 02, 2024
Research Description
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Affected versions
Min -, max 3.1.0.
Status
vulnerable
Previous vulnerability researches
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress , Jul 24, 2024
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress (CVE-2022-1961) , Jun 07, 2024
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress (CVE-2022-1707) , Jun 07, 2024
New vulnerability
Total Donations (CVE-2025-43837) , May 07, 2025
Syndicate Out (CVE-2025-43836) , May 07, 2025
Relevanssi – A Better Search (CVE-2025-4054) , May 07, 2025
Meta Keywords & Description (CVE-2025-46454) , May 07, 2025
Royal Elementor Addons and Templates (CVE-2024-12120) , May 07, 2025