Cookie Notice for GDPR, CCPA & ePrivacy Consent < 4.0.4 – Missing Authorization | CVE 2025-66080

Affects Plugins

gdpr-cookie-consent

Fixed in 4.0.4

References

CVE

CVE-2025-66080

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/eec21a44-d65c-4090-8b60-32d333c54140

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Legion Hunter

Verified

No

WPVDB ID

9623482f-06a1-4bb6-bf78-117cd5713f8a

Timeline

Publicly Published

2025-12-30 (about 4 months ago)

Added

2026-01-05 (about 4 months ago)

Last Updated

2026-01-05 (about 4 months ago)

Other

Published

Title

Published

2025-11-04

Title

FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce < 3.6.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

Published

2023-09-05

Title

SAML SP Single Sign On < 5.0.5 - Missing Authorization to notice dismissal

Published

2026-05-05

Title

Mercado Pago payments for WooCommerce < 8.7.12 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

Published

2025-12-04

Title

AdForest < 6.0.12 - Missing Authorization

Published

2026-02-18

Title

Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent < 4.1.3 - Missing Authorization to Sensitive Information Exposure