Description
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.
Published: 2025-01-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization in the Ninja Team GDPR CCPA Compliance Support plugin allows an attacker who gains access to the WordPress site to exploit incorrectly configured access control levels. The flaw means users may be able to perform actions beyond their intended permissions, potentially exposing confidential data or modifying site settings. This weakness is identified as CWE‑862 and is described as a broken access control vulnerability.

Affected Systems

The vulnerability affects the WordPress plugin Ninja Team GDPR CCPA Compliance Support, version 2.7.1 and earlier. WordPress installations running the plugin at version 2.7.1 or below are impacted.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity. The EPSS score of less than 1% reflects a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, suggesting it is not currently being actively leveraged by threat actors. The likely attack vector is a web interface exposed by the plugin, where an attacker can take advantage of the missing authorization checks to elevate privileges or access restricted data. No exploit conditions are noted beyond the requirement to have access to the affected WordPress site.

Generated by OpenCVE AI on May 2, 2026 at 05:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ninja Team GDPR CCPA Compliance Support plugin to a version newer than 2.7.1, if a patch is available.
  • If an update cannot be applied, disable or uninstall the plugin to eliminate the access control flaw.
  • Review and tighten the WordPress role permissions to ensure that users only have the privileges strictly necessary for their functions.


Advisories
Source: EUVD
ID: EUVD-2025-3795
Title: Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.
Values Added: Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.

Type: First Time appeared
Values Added: Ninjateam; Ninjateam gdpr Ccpa Compliance & Cookie Consent Banner

Type: CPEs
Values Added: cpe:2.3:a:ninjateam:gdpr_ccpa_compliance_\&_cookie_consent_banner:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Ninjateam; Ninjateam gdpr Ccpa Compliance & Cookie Consent Banner

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 24 Jan 2025 19:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Jan 2025 17:30:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.

Type: Title
Values Added: WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:16:35.810Z

Reserved: 2025-01-23T14:50:49.324Z

Link: CVE-2025-24591

Vulnrichment

Updated: 2025-01-24T18:48:02.781Z

NVD

Status: Modified

Published: 2025-01-24T18:15:36.160

Modified: 2026-04-23T15:25:04.770

Link: CVE-2025-24591

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T05:30:26Z

Weaknesses