WordPress Cookie Banner Plugin Missing Authorization Vulnerability in Uninstall Survey Submission

Vulnerability

A missing authorization vulnerability exists in the Cookie Banner plugin for WordPress (Cookiebot CMP by Usercentrics), affecting all versions through 4.4.1. The send_uninstall_survey() function lacks a capability check, allowing authenticated attackers with Subscriber-level access or higher to submit uninstall surveys on behalf of a website.

Impact

Exploitation of this vulnerability allows for unauthorized submission of uninstall surveys, potentially leading to misleading data collection or manipulation of survey response metrics.

Remediation

Users are advised to update the Cookiebot CMP plugin to version 4.4.2 or later, where this vulnerability has been patched.
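
The class of flaw described above, shown as an added example that is not the plugin's own code (the page does not reproduce its source): a survey handler without and with an authorization check. It assumes the function is exposed as a wp_ajax_ handler; the action name, nonce field, helper function and choice of the activate_plugins capability are hypothetical.

```php
<?php
/**
 * Plugin Name: Uninstall Survey Authorization Demo (hypothetical)
 */
defined( 'ABSPATH' ) || exit;

// Hypothetical action/nonce name; not taken from the Cookiebot CMP source.
const DEMO_SURVEY_ACTION = 'demo_send_uninstall_survey';

// Stand-in for the outbound survey request: records the reason locally
// instead of contacting any vendor endpoint.
function demo_forward_survey( $reason ) {
	error_log( 'uninstall survey reason: ' . $reason );
}

// BEFORE (shown for contrast, never registered): wp_ajax_* hooks fire for
// every logged-in user, so without a capability check a Subscriber account
// reaches the side effect.
function demo_send_uninstall_survey_unchecked() {
	$reason = isset( $_POST['reason'] )
		? sanitize_text_field( wp_unslash( $_POST['reason'] ) )
		: '';
	demo_forward_survey( $reason );
	wp_send_json_success();
}

// AFTER: confirm intent (nonce) and authority (capability) before acting.
function demo_send_uninstall_survey_checked() {
	// Ends the request with a 403 when the nonce is missing or invalid.
	check_ajax_referer( DEMO_SURVEY_ACTION, 'nonce' );

	// Assumption: only users who may manage plugins can speak for the site.
	if ( ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	$reason = isset( $_POST['reason'] )
		? sanitize_text_field( wp_unslash( $_POST['reason'] ) )
		: '';
	demo_forward_survey( $reason );
	wp_send_json_success();
}

// Only the checked handler is hooked. No wp_ajax_nopriv_* hook is added, so
// unauthenticated requests never reach it.
add_action( 'wp_ajax_' . DEMO_SURVEY_ACTION, 'demo_send_uninstall_survey_checked' );
```

The admin page that renders the survey form would pass a nonce created with wp_create_nonce() for the same action name in the nonce field.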

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.