Vulnerability Description
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.
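The pattern described above, as an added example that is not the plugin's own code: a `wp_ajax_` handler that any logged-in user can trigger, next to a form that verifies a nonce and a capability first. Only the action name comes from this page; the function names, the option name `example_gdpr_settings`, the nonce action `example_gdpr_reset` and the choice of `manage_options` are assumptions.

```php
<?php
// Added illustration. Only the AJAX action name is taken from the advisory;
// every function name, option name and nonce action below is hypothetical.

// BEFORE: WordPress fires wp_ajax_{action} for ANY logged-in user, including
// the lowest-privileged role, so the handler itself must decide who may proceed.
// (Registration left commented out so that only the checked handler is active.)
// add_action( 'wp_ajax_gdpr_cookie_compliance_reset_settings', 'example_reset_unchecked' );
function example_reset_unchecked() {
    delete_option( 'example_gdpr_settings' ); // no capability check, no nonce
    wp_send_json_success();
}

// AFTER: verify request origin and the caller's capability before changing state.
add_action( 'wp_ajax_gdpr_cookie_compliance_reset_settings', 'example_reset_checked' );
function example_reset_checked() {
    // Rejects the request (HTTP 403) unless a valid nonce is sent in the
    // 'security' field; this covers forged cross-site requests.
    check_ajax_referer( 'example_gdpr_reset', 'security' );

    // Authorization: a nonce proves intent, not privilege, so the capability
    // check is still required. 'manage_options' is an assumed choice.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    delete_option( 'example_gdpr_settings' );
    wp_send_json_success();
}
```

When auditing other plugins for the same weakness, look for `wp_ajax_` registrations whose callbacks change options or content without calling `current_user_can()`.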
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mooveagency | Gdpr Cookie Compliance | < 4.0.3 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/wordpress-gdpr-cookie-compliance-plugin-fixed-authen (Exploit)
- https://wpscan.com/vulnerability/5ac51325-a7f5-4d38-9b41-61855206083d (Third Party Advisory)
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-gdpr-cookie-compli (Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9116d719-f536-4b8a-9e7 (Broken Link, Third Party Advisory)
FAQ
What is CVE-2019-25143?
CVE-2019-25143 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and ...
How severe is CVE-2019-25143?
CVE-2019-25143 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-25143?
Check the references section above for vendor advisories and patch information. Affected products include: Mooveagency Gdpr Cookie Compliance.