cleantalk
Vulnerabilities and Security Researches

GDPR CCPA Compliance Support, CVE-2024-5607

CVE, Research URL

CVE-2024-5607

Home page URL

Security reports for GDPR CCPA Compliance Support

Application

GDPR CCPA Compliance Support

Published on
Jun 07, 2024
Research Description
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.
Affected versions
Min -, max 2.7.1.
Status
vulnerable
Previous vulnerability researches
GDPR CCPA Compliance Support (CVE-2025-48260) , Jun 05, 2025
GDPR CCPA Compliance Support (CVE-2024-5607) , Jun 08, 2024
GDPR CCPA Compliance Support (CVE-2020-36718) , Jun 07, 2024
GDPR CCPA Compliance Support (fa6f3c0ea1c420112c1e8b4e1aad37c2acf3a52f) , Jun 07, 2024
GDPR CCPA Compliance Support (CVE-2025-24591) , Jan 26, 2025
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025