Vulnerabilities > CVE-2024-3599

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

NVD

Published: 2024-05-02

Updated: 2024-05-02

Summary

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8?source=cve
https://plugins.trac.wordpress.org/changeset/3071278/gdpr-cookie-consent/tags/3.1.0/admin/class-gdpr-cookie-consent-admin.php

Vulnerabilities > CVE-2024-3599 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-3599"}]}

Summary

References

Vulnerabilities > CVE-2024-3599