WordPress Plugin Vulnerabilities
GDPR Cookie Compliance <= 4.0.2 - Authenticated Settings Reset
Description
The gdpr_cookie_compliance_reset_settings AJAX action registered for authenticated users lacks authorisation and CSRF checks, allowing unauthorised authenticated users to call it, which would result in the settings being reset.
Affects Plugins
References
Classification
Type
PRIVESC
OWASP top 10
CWE
Miscellaneous
Original Researcher
Jerome Bruandet (Nintechnet.com)
Verified
No
WPVDB ID
Timeline
Publicly Published
2019-12-27 (about 4 years ago)
Added
2019-12-27 (about 4 years ago)
Last Updated
2023-06-08 (about 11 months ago)