CVE-2019-25143
GDPR Cookie Compliance <= 4.0.2 - Missing Authorization
CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 0th
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.
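The missing check described above, shown beside a hardened handler; this is an added illustration that runs inside WordPress and is not the plugin's own code. Only the AJAX action name comes from this advisory: the function names, option name, nonce action and the `manage_options` capability are assumptions.

```php
<?php
// Added illustration, not the plugin's source. Only the AJAX action name is
// taken from the advisory; every other identifier here is hypothetical.

// Vulnerable pattern: a wp_ajax_{action} hook fires for ANY logged-in user,
// so without a capability check a low-privileged account reaches the reset.
function example_reset_settings_unchecked() {
    delete_option( 'example_gdpr_settings' ); // hypothetical option name
    wp_send_json_success();
}

// Hardened pattern: verify the nonce (CSRF protection) and the caller's
// capability before changing any state.
function example_reset_settings_checked() {
    // Terminates the request with a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_gdpr_reset', 'nonce' );

    // Assumed capability: only users who may manage site options can reset.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    delete_option( 'example_gdpr_settings' ); // hypothetical option name
    wp_send_json_success();
}

// Register only the checked handler. No wp_ajax_nopriv_ hook is added, so
// unauthenticated requests never reach it.
add_action(
    'wp_ajax_gdpr_cookie_compliance_reset_settings',
    'example_reset_settings_checked'
);
```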
| Field | Value |
| --- | --- |
| CWE | CWE-862 |
| Vendor | mooveagency |
| Product | gdpr cookie compliance – cookie banner, cookie consent, cookie notice for ccpa, eu cookie law |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
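CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

| Metric | Value |
| --- | --- |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | Low |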
Affected Versions
mooveagency / GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
From 0 up to and including 4.0.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=cve
blog.nintechnet.com: https://blog.nintechnet.com/wordpress-gdpr-cookie-compliance-plugin-fixed-authenticated-settings-deletion-vulnerability/
acunetix.com: https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-gdpr-cookie-compliance-security-bypass-4-0-2/
wpscan.com: https://wpscan.com/vulnerability/5ac51325-a7f5-4d38-9b41-61855206083d
Credits
Jerome Bruandet