Vulnerabilities > CVE-2025-24591 - Missing Authorization vulnerability in Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ninjateam

CWE-862

NVD

Published: 2025-01-24

Updated: 2025-01-24

Summary

Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.

Vulnerable Configurations

Part	Description	Count
Application	Ninjateam Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://patchstack.com/database/wordpress/plugin/ninja-gdpr-compliance/vulnerability/wordpress-gdpr-ccpa-compliance-cookie-consent-banner-plugin-2-7-1-broken-access-control-vulnerability?_s_id=cve