GDPR Cookie Consent < 1.8.3 - Improper Access Controls



Description
An improper access control issue in the cli_policy_generator AJAX call could allow an authenticated user with low privileges (such as a subscriber) to:

- Change the status of any post/page from published to draft, removing them from the frontend of the blog.

- Put a payload in the content of one of them, leading to Stored Cross-Site Scripting (XSS) issues. 

Affects Plugin

Fixed in version 1.8.3

References

URL https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/
URL https://www.wordfence.com/blog/2020/02/improper-access-controls-in-gdpr-cookie-consent-plugin/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Verified No
WPVDB ID 10069

Timeline

Publicly Published 2020-02-12
Added 2020-02-12
Last Updated 2020-02-13
