cleantalk
Vulnerabilities and Security Researches

WP Cookie Consent ( for GDPR, CCPA & ePrivacy ), CVE-2024-11724

CVE, Research URL

CVE-2024-11724

Home page URL

Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

Application

WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

Published on
Dec 12, 2024
Research Description
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts.
Affected versions
Min -, max 3.6.6.
Status
vulnerable
Previous vulnerability researches
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2024-11724) , Dec 13, 2024
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2024-4869) , Jun 27, 2024
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2024-3599) , May 07, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 07, 2024
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2023-23678) , Jun 07, 2024
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025