exploitDog

CVE-2024-3599

Опубликовано: 02 мая 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 5.3

EPSS Низкий

Описание

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpeka:wp_cookie_consent:*:*:*:*:-:wordpress:*:*

Версия до 3.1.0 (исключая)

EPSS

Процентиль: 37%

0.00159

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-xjf3-8j25-j4m3

CVSS3: 5.3

github

почти 2 года назад

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

EPSS

Процентиль: 37%

0.00159

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-862