WordPress Plugin Vulnerabilities

Seers < 8.1.2 - Unauthenticated Cookie Policy Update

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax functions, allowing unauthenticated attackers to modify the cookie policy and change the consent cookie name.

Affects Plugins

Plugin icon
seers-cookie-consent-banner-privacy-policy
Fixed in 8.1.2

References

CVE
CVE-2023-47515
URL
https://patchstack.com/database/vulnerability/seers-cookie-consent-banner-privacy-policy/wordpress-seers-gdpr-ccpa-cookie-consent-compliance-plugin-8-0-6-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
ba00f24c-0486-4fa4-bc22-897bdc761920

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-21 (about 2 years ago)

Other

Published
Title
Published
2026-05-04
Title
GeekyBot < 1.2.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action
Published
2025-01-24
Title
Bridge Core < 3.3.1 - Missing Authorization
Published
2026-01-01
Title
WP User Frontend < 4.2.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
Published
2026-02-18
Title
Envo Extra < 1.9.14 - Missing Authorization
Published
2024-08-07
Title
Waitlist Woocommerce ( Back in stock notifier ) < 2.6.1 - Missing Authorization