
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5
Critical: 0
High: 2
Medium: 3
Showing 1-5 of 5 records
Threat Entry Updated 2026-02-19

CVE-2025-11754 - Gdpr Cookie Consent Plugin

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.

PLUGIN Gdpr Cookie Consent

CVE-2025-11754

HIGH CVSS 7.5 2026-02-19
Threat Entry Updated 2025-12-18

CVE-2025-14061 - Gdpr Cookie Consent Plugin

The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdpr_delete_policy_data function in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, attachments, and other post types by ID.

PLUGIN Gdpr Cookie Consent

CVE-2025-14061

MEDIUM CVSS 5.3 2025-12-17
Threat Entry Updated 2025-06-12

CVE-2024-8286 - Gdpr Cookie Consent Plugin

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs, via CSRF attacks.

PLUGIN Gdpr Cookie Consent

CVE-2024-8286

MEDIUM CVSS 6.5 2025-05-15
Threat Entry Updated 2025-06-12

CVE-2024-8397 - Gdpr Cookie Consent Plugin

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.

PLUGIN Gdpr Cookie Consent

CVE-2024-8397

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-07-09

CVE-2024-4869 - Gdpr Cookie Consent Plugin

The WP Cookie Consent (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Gdpr Cookie Consent

CVE-2024-4869

HIGH CVSS 7.2 2024-06-26