cleantalk
Vulnerabilities and Security Researches

Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics, CVE-2026-25407

CVE, Research URL

CVE-2026-25407

Home page URL

Security reports for Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics

Application

Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics

Published on
Feb 19, 2026
Research Description
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
Affected versions
max 4.6.4.
Status
vulnerable
Previous vulnerability researches
WP iCal Availability (CVE-2023-46607) , Jun 10, 2024
WP iCal Availability (CVE-2023-41853) , Jun 07, 2024
New vulnerability
Complianz &#8211; GDPR/CCPA Cookie Consent (CVE-2025-11185) , Feb 27, 2026
HurryTimer &#8211; An Scarcity and Urgency Countdown Timer for WordPress &amp; WooCommerce (CVE-2026-24392) , Feb 27, 2026
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2026-25407) , Feb 27, 2026
WP Activity Log (CVE-2026-25331) , Feb 27, 2026
Yoast Duplicate Post (CVE-2019-25314) , Feb 27, 2026