CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
What the vulnerability does
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
Explanation of Vulnerability in Simple Terms
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions 4.0.3 and earlier lack proper authorization checks. An unauthenticated attacker can make requests that disrupt the plugin's availability. The vulnerability requires no user interaction and is exploitable over the network. Site administrators should update to a version newer than 4.0.3.
What an attacker can do
Disrupt the plugin's availability by sending network requests without authentication.
Potential impact on your site
Your site's cookie consent functionality may become unavailable to visitors.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities
