Published: 05/02/2024 Updated: 09/02/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cookieinformation wp-gdpr-compliance

Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update

CVE-2023-6700 Cookie Information | Free GDPR Consent Solution <= 2022 - Authenticated (Subscriber+) Arbitrary Options Update Description: CVE-2023-6700 The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2022

CWE-862 https://www.wordfence.com/threat-intel/vulnerabilities/id/42a4ef37-c842-4925-b06a-3e6423337567?source=cve https://plugins.trac.wordpress.org/changeset/3028096/wp-gdpr-compliance/trunk?contextall=1&old=2865555&old_path=%2Fwp-gdpr-compliance%2Ftrunk https://nvd.nist.gov https://github.com/RandomRobbieBF/CVE-2023-6700

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-6700

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect