WordPress Plugin Vulnerabilities

Complianz < 7.4.6 - Unauthenticated Private Post Content Disclosure

Description

The plugin is vulnerable to unauthorized data access due to the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} using __return_true as the permission_callback, allowing any unauthenticated user to access it. The cmplz_rest_consented_content() function retrieves a post by ID via get_post() and returns the consentedContent attribute of any complianz/consent-area block found in it, without checking if the post is published or if the user has permission to read it. This makes it possible for unauthenticated attackers to read the consent area block content from private, draft, or unpublished posts.

Affects Plugins

Plugin icon
complianz-gdpr
Fixed in 7.4.6

References

CVE
CVE-2026-4019
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3892489e-6ff7-4664-bb06-b8edff6dd659

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Wesley van de Kamp
Verified
No
WPVDB ID
b248dc72-a465-40e4-b4ea-444aef4d84ed

Timeline

Publicly Published
2026-04-28 (about 15 days ago)
Added
2026-04-28 (about 15 days ago)
Last Updated
2026-04-28 (about 15 days ago)

Other

Published
Title
Published
2023-04-19
Title
miniOrange's Google Authenticator < 5.6.6 - Missing Authorization to Plugin Settings Change
Published
2025-12-29
Title
Strong Testimonials < 3.2.19 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update
Published
2023-05-23
Title
Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Broken Access Control
Published
2026-01-20
Title
OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset
Published
2024-12-05
Title
Message Filter for Contact Form 7 < 1.6.3.1 - Subscriber+ Filter Updates/Deletions