cleantalk
Vulnerabilities and Security Researches

WP Cookie Consent ( for GDPR, CCPA & ePrivacy ), CVE-2025-11754

CVE, Research URL

CVE-2025-11754

Home page URL

Security reports for WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

Application

WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

Published on
Feb 19, 2026
Research Description
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.
Affected versions
max 4.1.3.
Status
vulnerable
Previous vulnerability researches
Library Viewer (CVE-2023-32102) , Jun 07, 2024
Library Viewer (CVE-2023-32101) , Jun 07, 2024
Library Viewer (CVE-2025-15396) , Feb 27, 2026
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026