CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5607 – GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-5607
06 Jun 2024 — The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts. El complemento GDPR CCPA Compliance & Cookie Consent Banne... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3097680%40ninja-gdpr-compliance&new=3097680%40ninja-gdpr-compliance&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •