6.5
CVE-2023-4013
- EPSS 0.27%
- Veröffentlicht 30.08.2023 15:15:09
- Zuletzt bearbeitet 23.04.2025 17:16:40
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginGDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF
GDPR Cookie Compliance <= 4.12.4 - Cross-Site Request Forgery to License Modification
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
Mögliche Gegenmaßnahme
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law: Update to version 4.12.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mooveagency ≫ Gdpr Cookie Compliance SwPlatformwordpress Version < 4.12.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Version
*-4.12.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.182 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
https://wpscan.com/vulnerability/54e4494c-a280-4d91-803d-7d55159cdbc5
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f847a61-4378-4b04-8eb4-99ef36417b6c