Description
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
Published: 2023-08-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-53906 The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
History

Wed, 23 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Mooveagency Gdpr Cookie Compliance
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-04-23T16:19:00.440Z

Reserved: 2023-07-31T09:21:22.580Z

Link: CVE-2023-4013

cve-icon Vulnrichment

Updated: 2024-08-02T07:17:11.075Z

cve-icon NVD

Status : Modified

Published: 2023-08-30T15:15:09.567

Modified: 2025-04-23T17:16:40.617

Link: CVE-2023-4013

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.