Complianz GDPR/CCPA Cookie Consent Missing Authorization Vulnerability in WordPress REST API Endpoint
Vulnerability
A vulnerability exists in the Complianz – GDPR/CCPA Cookie Consent plugin for WordPress, affecting all versions up to and including 7.4.5. The issue arises from a REST API endpoint that allows unauthorized access to private, draft, or unpublished post content. The endpoint's `permission_callback` is set to always return true, so no capability check is performed and any unauthenticated user can read the content the endpoint returns.
Impact
Exploitation of this vulnerability allows unauthorized users to access and read content from private, draft, or unpublished posts, specifically targeting the consent area blocks within those posts.
Remediation
Users are advised to update the Complianz – GDPR/CCPA Cookie Consent plugin to version 7.4.6 or a newer patched version.
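As an added illustration (not the plugin's own code), the following shows the weak pattern the advisory describes, a REST route whose `permission_callback` always returns true, beside a hardened form that only serves the post content when the caller may read that specific post. The namespace, route paths and function names are assumptions made for the example.

```php
<?php
// Example code, not taken from the Complianz plugin. Route names are assumed.

add_action( 'rest_api_init', function () {
    // Weak pattern: __return_true lets any unauthenticated caller reach the
    // handler, which then returns draft/private content without any check.
    register_rest_route( 'example/v1', '/consent-area/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_consent_area_content',
        'permission_callback' => '__return_true',
    ) );

    // Hardened pattern: the permission callback decides per post, the way
    // core's posts controller does (public status, or read_post capability).
    register_rest_route( 'example/v1', '/consent-area-secure/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_consent_area_content',
        'permission_callback' => 'example_consent_area_permission',
        'args'                => array(
            'id' => array( 'sanitize_callback' => 'absint' ),
        ),
    ) );
} );

function example_consent_area_permission( WP_REST_Request $request ) {
    $post = get_post( (int) $request['id'] );
    if ( ! $post ) {
        return new WP_Error( 'rest_not_found', 'Post not found.', array( 'status' => 404 ) );
    }
    // Published, non-password-protected posts are world-readable.
    if ( 'publish' === $post->post_status && ! post_password_required( $post ) ) {
        return true;
    }
    // Draft, pending, private and scheduled posts need the read_post meta
    // capability for this post; anonymous callers never have it.
    if ( ! current_user_can( 'read_post', $post->ID ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to read this post.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

function example_consent_area_content( WP_REST_Request $request ) {
    $post = get_post( (int) $request['id'] );
    return rest_ensure_response( array(
        'id'      => $post->ID,
        'status'  => $post->post_status,
        'content' => $post->post_content,
    ) );
}
```

With the hardened route an unauthenticated request for a draft receives a 401 (403 when logged in without the capability) from the permission callback and the handler never runs.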