WordPress Plugin Vulnerabilities

GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF

Description

The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks

Proof of Concept

Affects Plugins

Plugin icon
gdpr-cookie-compliance
Fixed in 4.12.5

References

CVE
CVE-2023-4013

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Submitter
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
54e4494c-a280-4d91-803d-7d55159cdbc5

Timeline

Publicly Published
2023-08-07 (about 2 years ago)
Added
2023-08-07 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2024-07-08
Title
Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2022-02-22
Title
WP Google Map < 4.2.4 - Marker Category/Map Deletion via CSRF
Published
2025-05-16
Title
Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2016-11-24
Title
PageLines Platform Theme <= 1.1.4 - Cross-Site Request Forgery (CSRF)
Published
2025-05-07
Title
Wiki Embed < 1.4.7 - Cross-Site Request Forgery