CVE-2022-0445

CVE-2022-0445: WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF

Vendor Unknown
Product WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent
Weakness CWE-352 · CSRF
Published March 7, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

Key dates

02Disclosure timeline

March 7, 2022 CVE published
August 2, 2024 Record updated